4. Packet capture problem, data missing

Packet capture problem, data missing

  • S

    This is probably something quick and easy, but I don't have too much experience on packet capture.

    I'm trying to solve some SMTP problems by capturing packets at v1.2.3 pfsense box. I start capture from GUI, on WAN port, with default settings, port 25 and packet count 0. Internet connection is simple LAN UTP with MTU 1500, no dsl/pppoe stuff. When I download the capture, data is corrupted. There are 14 bytes missing every 1434 or so bytes, I'm not too good at hex either :) This is happening with all traffic. Only the capture is corrupted, real data goes out fine. When Wireshark decodes packets (a txt upload to FTP), I see this:

    
2012-09-18.08:19:05:934.1184.17d0.EEHndlr.Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4

2012-0              934.1184.17d0.EEHndlr.Operator Detected: Size=1312,NumRules=4,Operator=1,Weight=4

    I added a large space instead of missing data to make it more clear. The data is missing in raw capture too, at those places where packet headers (?) are inserted:

    
2012-09-18	08:19:05:934	1184	17d0	EEHndlr	Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4
2012-0$XPU  é   é   \^½√a ╧<└ E  tÄ@ k├¿Æ5┌|├rw¢╗ïû∙2PÇ ┐  934	1184	17d0	EEHndlr	Operator Detected: Size=1312,NumRules=4,Operator=1

    I tried running tcpdump directly in shell:
    tcpdump -i em0 -s 0 -w /tmp/wan.pcap
    This works fine, I see binary stuff of size ~70 bytes, repeated after every packet, and no data is missing.

    Is it possible that GUI packet capture does something to data?

    0
  • Rebel Alliance Developer Netgate

    Can you replicate this on 2.0.1 or 2.1?
    And what browser are you using?

    At this point, 1.2.3 is so far in the past it's not all that useful to get a bug report on it. The packet capture page did have some problems back then, but usually it would corrupt the start/end of the capture file, not the middle. Much of that page has been rewritten between 1.2.3 and 2.x.

    0
  • S

    I don't have v2 installation. Back when I was installing this server, v2 was still flaky, and since then 1.2.3 performed flawlessly.

    I've tried all major browsers, same result.

    I understand that my version is too old, maybe time to get out of my shell :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy