Packet capture problem, data missing
-
This is probably something quick and easy, but I don't have too much experience on packet capture.
I'm trying to solve some SMTP problems by capturing packets on a v1.2.3 pfSense box. I start the capture from the GUI, on the WAN port, with default settings, port 25 and packet count 0. The Internet connection is simple LAN UTP with MTU 1500, no DSL/PPPoE stuff. When I download the capture, the data is corrupted. There are 14 bytes missing every 1434 or so bytes; I'm not too good at hex either :) This is happening with all traffic. Only the capture is corrupted, real data goes out fine. When Wireshark decodes packets (a txt upload to FTP), I see this:
2012-09-18.08:19:05:934.1184.17d0.EEHndlr.Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4 2012-0 934.1184.17d0.EEHndlr.Operator Detected: Size=1312,NumRules=4,Operator=1,Weight=4
I added a large space instead of the missing data to make it more clear. The data is missing in the raw capture too, at those places where packet headers (?) are inserted:
2012-09-18 08:19:05:934 1184 17d0 EEHndlr Operator Detected: Size=1332,NumRules=1,Operator=3,Weight=4 2012-0$XPU é é \^½√a ╧<└ E tÄ@ k├¿Æ5┌|├rw¢╗ïû∙2PÇ ┐ 934 1184 17d0 EEHndlr Operator Detected: Size=1312,NumRules=4,Operator=1
I tried running tcpdump directly in shell:
tcpdump -i em0 -s 0 -w /tmp/wan.pcap
This works fine, I see binary stuff of size ~70 bytes, repeated after every packet, and no data is missing.
Is it possible that GUI packet capture does something to data?
-
Can you replicate this on 2.0.1 or 2.1?
And what browser are you using?
At this point, 1.2.3 is so far in the past it's not all that useful to get a bug report on it. The packet capture page did have some problems back then, but usually it would corrupt the start/end of the capture file, not the middle. Much of that page has been rewritten between 1.2.3 and 2.x.
-
I don't have v2 installation. Back when I was installing this server, v2 was still flaky, and since then 1.2.3 performed flawlessly.
I've tried all major browsers, same result.
I understand that my version is too old, maybe time to get out of my shell :)
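
Added example, not part of the thread and not pfSense code: one way to check whether a downloaded capture was cut short per packet is to walk the pcap record headers and compare the saved length (incl_len) with the on-wire length (orig_len). The sample file is constructed in the script, and its snap length of 1500 against 1514-byte frames is an assumption chosen to mirror the 14-byte gaps described above, not a confirmed GUI setting; `truncated_records` and `build_sample` are names made up for this example.

```python
import struct

# Classic pcap magic (microsecond timestamps) as it appears on disk
MAGIC_LE = b"\xd4\xc3\xb2\xa1"
MAGIC_BE = b"\xa1\xb2\xc3\xd4"

def truncated_records(data):
    """Return (snaplen, [(index, incl_len, orig_len), ...]) for cut-short records."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if data[:4] == MAGIC_LE:
        endian = "<"
    elif data[:4] == MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, _, snaplen, _ = struct.unpack(endian + "IHHiIII", data[:24])
    offset, index, short = 24, 0, []
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on wire)
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            raise ValueError(f"record {index} runs past end of file")
        if incl_len < orig_len:
            short.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    return snaplen, short

def build_sample(snaplen, wire_sizes):
    """Constructed sample: a pcap whose zero-filled frames are clipped at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, size in enumerate(wire_sizes):
        saved = min(size, snaplen)
        out += struct.pack("<IIII", 1347956345, n, saved, size) + bytes(saved)
    return out

if __name__ == "__main__":
    # Constructed input: assumed snaplen 1500 against full-size 1514-byte Ethernet frames
    snaplen, short = truncated_records(build_sample(1500, [74, 1514, 1514, 66]))
    print("snaplen:", snaplen)
    for index, incl_len, orig_len in short:
        print(f"record {index}: saved {incl_len} of {orig_len} bytes, "
              f"{orig_len - incl_len} missing")
```

To run it on a real file, pass the bytes of the downloaded capture to `truncated_records`; an empty list means every record was saved in full.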