Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    unwanted(NATed) traffic captured from span port on ESXi vSwitch

    Scheduled Pinned Locked Moved
    Virtualization
    1
    1
    202
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      ferrets
      last edited by

      Here is the main topology, the pfSense is installed on an ESXi host.
      Snipaste_2020-08-04_12-22-42.png
      I was trying to capture LAN traffic, so I've followed the this guide, added a bridge with eth2 as member and eth3 as span port, the vswitch is a standard vswitch and I can captured the traffic from eth2.

      But I can also capture the NATed traffic from the monitor which should only appear in eth1 port.

      I'm not sure it's caused by wrong configure or somthing, so I tried to use tcpdump to capture pakcets on bridge0 and eth3, both of them shows that pfSense is not outputing NATed traffic.But when I tried to use pktcap-uw on ESXi host to capture packets, it shows that pfSens DO actually outputing NATed traffic.

      How can I fix this and stop pfSense stop outputing NATed traffic?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post