Have you tried using the built-in packet capture under diagnostics? This will clean up your ssh traffic, which is what I assume you mean by tcpdump recursive traffic. Plus you can download a pcap to examine more closely in Wireshark.
As for traffic denied by the firewall have you tried looking at the firewall logs?

Trevor

On Apr 28, 2013 5:47 AM, "Jason Pyeron" <[email protected]> wrote:

> I am looking to capture all the packets that are traversing and attempting to
> traverse the firewall.
>
> If I use tcpdump -i WAN I get all the packets, if I use tcpdump -i LAN then I
> only get the packets that made it past the firewall plus the recursive traffic
> of my pcap data leaving the firewall too.
>
> This is telling me I should be using another port, but still does not help me
> separate the pcap data into 2 buckets:
>
> 1: blocked
> 2: not blocked
>
> Any suggestions?
>
> --
> Jason Pyeron, PD Inc. http://www.pdinc.us
> Principal Consultant, 10 West 24th Street #100
> +1 (443) 269-1555 x333, Baltimore, Maryland 21218
>
> This message is copyright PD Inc, subject to license 20080407P00.
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
