I get this question a lot and surprised I have yet to address it. Someone asked “will Wireshark capture the packets my firewall blocks. Unfortunately, the short answer is “it depends on a few variables”.I thought it would be helpful if I showed you how I would answer this question.
The methodology is pretty simple.
Get a baseline:
- Disable firewall
- Start capture with an icmp capture filter
- Have another computer ping you
- Stop capture and review results
Test
- Enable firewall
- Start capture with an icmp capture filter
- Have another computer ping you
- Stop capture and review results
Don’t worry about what I got, determine how your computer behaves.
Enjoy
No comments:
Post a Comment