Sniffing takes place between the wire (or air) and the firewall. So if you cannot see the packets coming in via the external interface, you can be sure that they really haven't arrived from outside (provided that an overly narrow sniffing filter hasn't prevented them from being shown). When you can see the packets leaving via the external interface, you can be sure that your firewall has let them out.
A case of its own is IPsec, which shows the decrypted and decapsulated packets on the same interface as the transport ones from which they have been decrypted and decapsulated, and to make life more colorful, the decrypted and decapsulated packets sometimes appear in the capture earlier than the matching transport ones. On the other hand, packets to be encrypted by IPsec are not shown at all; only the resulting transport packets are.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
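The systematic replacement described in the signature above, as an added example that is not part of the original post: a small Python script that swaps each distinct public IPv4 address in an export for `my.public.ip.N` while leaving private ranges alone. The sample export, the `KEEP` list and the function name are constructed for illustration.

```python
import ipaddress
import re

# Ranges that do not identify you and are left untouched
# (assumption: adjust this list to your own needs).
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]
# Dotted quad that is not part of a longer dotted number; a /prefix after it is kept.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")

# Constructed sample export, using documentation addresses as stand-ins
# for real public IPs.
SAMPLE = """\
/ip address
add address=192.168.88.1/24 interface=bridge
add address=203.0.113.10/29 interface=ether1
/ip ipsec peer
add address=198.51.100.7/32 name=peer1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=203.0.113.10 to-addresses=192.168.88.20
"""

def sanitize(text):
    """Return (sanitized_text, mapping); the same address always gets the same label."""
    mapping = {}

    def repl(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # not a valid address (e.g. 999.1.1.1): leave as is
        if any(addr in net for net in KEEP):
            return raw  # private, loopback, multicast etc. stay readable
        if raw not in mapping:
            mapping[raw] = f"my.public.ip.{len(mapping) + 1}"
        return mapping[raw]

    return IPV4.sub(repl, text), mapping

if __name__ == "__main__":
    cleaned, table = sanitize(SAMPLE)
    print(cleaned)
    print(table)  # keep this table private; it maps labels back to real addresses
```

Because every occurrence of one address gets the same label, the relationships between rules (for example the interface address and the dst-nat rule matching it) stay visible to whoever reads the sanitized export.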