• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Packet capture problem, data missing

Scheduled Pinned Locked Moved General pfSense Questions
3 Posts 2 Posters 1.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    Snoopy
    last edited by Sep 18, 2012, 8:41 AM

    This is probably something quick and easy, but I don't have too much experience on packet capture.

    I'm trying to solve some SMTP problems by capturing packets at v1.2.3 pfsense box. I start capture from GUI, on WAN port, with default settings, port 25 and packet count 0. Internet connection is simple LAN UTP with MTU 1500, no dsl/pppoe stuff. When I download the capture, data is corrupted. There are 14 bytes missing every 1434 or so bytes, I'm not too good at hex either :) This is happening with all traffic. Only the capture is corrupted, real data goes out fine. When Wireshark decodes packets (a txt upload to FTP), I see this:

    
2012-09-18.08:19:05:934.1184.17d0.EEHndlr.Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4

2012-0              934.1184.17d0.EEHndlr.Operator Detected: Size=1312,NumRules=4,Operator=1,Weight=4

    I added a large space instead of missing data to make it more clear. The data is missing in raw capture too, at those places where packet headers (?) are inserted:

    
2012-09-18	08:19:05:934	1184	17d0	EEHndlr	Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4
2012-0$XPU  é   é   \^½√a ╧<└ E  tÄ@ k├¿Æ5┌|├rw¢╗ïû∙2PÇ ┐  934	1184	17d0	EEHndlr	Operator Detected: Size=1312,NumRules=4,Operator=1

    I tried running tcpdump directly in shell:
    tcpdump -i em0 -s 0 -w /tmp/wan.pcap
    This works fine, I see binary stuff of size ~70 bytes, repeated after every packet, and no data is missing.

    Is it possible that GUI packet capture does something to data?

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Sep 18, 2012, 12:04 PM

      Can you replicate this on 2.0.1 or 2.1?
      And what browser are you using?

      At this point, 1.2.3 is so far in the past it's not all that useful to get a bug report on it. The packet capture page did have some problems back then, but usually it would corrupt the start/end of the capture file, not the middle. Much of that page has been rewritten between 1.2.3 and 2.x.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • S
        Snoopy
        last edited by Sep 19, 2012, 5:12 AM

        I don't have v2 installation. Back when I was installing this server, v2 was still flaky, and since then 1.2.3 performed flawlessly.

        I've tried all major browsers, same result.

        I understand that my version is too old, maybe time to get out of my shell :)

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received