AnsweredAssumed Answered

R80.10 and tcpdump

Question asked by Godfrey Bennett on Aug 23, 2018
Latest reply on Aug 28, 2018 by Yuri Slobodyanyuk

HI, can someone please confirm that no firewall services will do anything to any packets before tcpdump (on the incoming interface) captures the packets?  I am looking to prove that a packet which is consistently missing from a tcpdump cannot be possibly dropped by any firewall processes - in other words, that some or other IPS on the internal network must be interfering with matters.

 

I do know that fw monitor won't work without disabling acceleration, but this is tcpdump only which I am referring to.

 

Thanks

Outcomes