I send a single UDP packet from my laptop to the router, and the sniffer sees two. One rx: no problem with the existence of that one, since I sent it and I can see it traverse the firewall. But what is the score with the (smaller) tx one? Where is it coming from and where is it going???? Doc says rx=entering the router, tx=leaving the router. But I can't see the tx packet anywhere in the firewall chains.
I am sure there is a good explanation for it though, and that at least one of you knows it.
Also one more question: where in the packet flow is the sniffer sampling the packets?
My router is setup as an all in one SOHO router, transparent web proxy and hotspot.
Here are the sniffed packets:
Code: Select all
[admin@MikroTik] /tool sniffer packet> print detail
0 time=3.341 num=1 direction=rx interface=ether2-local-master src-address=172.16.7.254:3584 dst-address=172.16.0.1:40056 protocol=ip ip-protocol=udp size=46 ip-packet-size=28
ip-header-size=20 dscp=0 identification=32114 fragment-offset=0 ttl=128
1 time=3.341 num=2 direction=tx interface=ether2-local-master src-address=172.16.7.254:3584 dst-address=172.16.0.1:40056 protocol=ip ip-protocol=udp size=28 ip-packet-size=28
ip-header-size=20 dscp=0 identification=32114 fragment-offset=0 ttl=128
[admin@MikroTik] /tool sniffer packet> print raw
0 time=3.341 interface=ether2-local-master direction=rx data=
0000 45 00 00 1c 7d 72 00 00 80 11 5d 3f ac 10 07 fe E...}r.. ..]?....
0010 ac 10 00 01 0e 00 9c 78 00 08 f5 45 1b f8 0d 2d .......x ...E...-
0020 08 02 a2 00 00 22 43 56 20 0f 94 0c 6d b6 ....."CV ...m.
1 time=3.341 interface=ether2-local-master direction=tx data=
0000 45 00 00 1c 7d 72 00 00 80 11 5d 3f ac 10 07 fe E...}r.. ..]?....
0010 ac 10 00 01 0e 00 9c 78 00 08 f5 45 .......x ...E