Hence this is not port may be right in that not many people use port on pfSense firewall itself to do the network capture. ![]() Note that I tried using all 3 available LAN ports to be the SPAN port and still the same issue. Or at least I cannot find anything wrong other than cannot capture returning traffic. But as soon as I remove the port that was configured as SPAN port and join it to the LAN bridge it started working fine. I started suspecting the small computer box that runs pfSense is having fault. The result is consistent, I do not see any returning traffic at all! I tried this capture on three different flavours of Linux including the Kali Linux running live off USB, and tried Wireshark on a Windows 10 laptop. SIP clients on my network work fine hence I know they did get the SIP challenge packet and that is why they would send out the 2nd register packet that returns a correct response to SIP's challenge. DHCP works fine on my network hence I know my hosts did get the DHCP offer and ack packets from DHCP server.įor SIP register conversation, I can capture the 1st SIP register packet and 2nd register packet that contains authorisation portion (username, password etc.) but I didn't see any SIP challenge packets that were sent from SIP server to SIP clients. I give two examples here, DHCP and SIP Register conversations.įor DHCP conversation, I can capture the DHCP discover and request packets, but no DHCP offer or ack packets ever been captured. In my case turning on or off this "promiscuous mode" makes no differences at all. Note that Wireshark by default uses "promiscuous mode" which enables us to see traffics not destined to our monitoring host. However, no matter how I tried, I can only see traffic originating from hosts on LAN, I cannot see any returning traffic back to those hosts. The intention is to capture all traffics originated from the LAN to the Internet and the returning traffics. ![]() I am currently doing some network monitoring by using Wireshark with a SPAN port configured on the LAN interface of a pfSense firewall box. This is probably more related to SPAN port for network monitor hence I am posting it here.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |