Wireshark-users: [Wireshark-users] capturing before/after firewall in Linux

From: "kapetr" <kapetr@xxxxxxxxx>
Date: Fri, 28 Dec 2012 18:58:59 +0100 (CET)
Hello,

I run Wireshark in Ubuntu 12.04.1 64b.

If I see it correctly, Wireshark shows all incoming packets, even those which are dropped by the firewall (iptables).

1. Is this so?

2. For outgoing packets I expect it will be reversed: Wireshark will not show packets dropped by the FW?

[In other words: Wireshark is bite between FW and NIC driver?]

3. Is there a way to show in Wireshark ALL in/out packets AND mark (colorize) packets which are/will be dropped by the FW?

[Wireshark would also have to monitor packets between the FW and the higher layers of the system.]

Thanks --kapetr