Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Packet capture problem, data missing

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Snoopy
      last edited by

      This is probably something quick and easy, but I don't have too much experience on packet capture.

      I'm trying to solve some SMTP problems by capturing packets at v1.2.3 pfsense box. I start capture from GUI, on WAN port, with default settings, port 25 and packet count 0. Internet connection is simple LAN UTP with MTU 1500, no dsl/pppoe stuff. When I download the capture, data is corrupted. There are 14 bytes missing every 1434 or so bytes, I'm not too good at hex either :) This is happening with all traffic. Only the capture is corrupted, real data goes out fine. When Wireshark decodes packets (a txt upload to FTP), I see this:

      
2012-09-18.08:19:05:934.1184.17d0.EEHndlr.Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4

2012-0              934.1184.17d0.EEHndlr.Operator Detected: Size=1312,NumRules=4,Operator=1,Weight=4

      I added a large space instead of missing data to make it more clear. The data is missing in raw capture too, at those places where packet headers (?) are inserted:

      
2012-09-18	08:19:05:934	1184	17d0	EEHndlr	Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4
2012-0$XPU  é   é   \^½√a ╧<└ E  tÄ@ k├¿Æ5┌|├rw¢╗ïû∙2PÇ ┐  934	1184	17d0	EEHndlr	Operator Detected: Size=1312,NumRules=4,Operator=1

      I tried running tcpdump directly in shell:
      tcpdump -i em0 -s 0 -w /tmp/wan.pcap
      This works fine, I see binary stuff of size ~70 bytes, repeated after every packet, and no data is missing.

      Is it possible that GUI packet capture does something to data?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Can you replicate this on 2.0.1 or 2.1?
        And what browser are you using?

        At this point, 1.2.3 is so far in the past it's not all that useful to get a bug report on it. The packet capture page did have some problems back then, but usually it would corrupt the start/end of the capture file, not the middle. Much of that page has been rewritten between 1.2.3 and 2.x.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          Snoopy
          last edited by

          I don't have v2 installation. Back when I was installing this server, v2 was still flaky, and since then 1.2.3 performed flawlessly.

          I've tried all major browsers, same result.

          I understand that my version is too old, maybe time to get out of my shell :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.