Code:
11:19:15.127535 IP 10.44.1.197.53056 > 142.250.203.195.443: UDP, length 1250
11:19:15.127833 IP 10.44.1.197.49830 > 142.250.203.195.443: Flags [S], seq 1864068734, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:19:15.127535 IP 10.44.1.197.53056 > 142.250.203.195.443: UDP, length 1250
11:19:15.127833 IP 10.44.1.197.49830 > 142.250.203.195.443: Flags [S], seq 1864068734, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
tcpdump will catch the packets before they enter the firewall
These are two very important points that seem to trip up a lot of people.Indeed, blocking packets on the firewall won't stop those packets from arriving on the interface
tcpdump will catch the packets before they enter the firewall
What a good analogy you gave us!A bouncer at a bar can't prevent people from walking up to the door, but he can prevent people from entering and the CCTV watching outside of the door sees everyone trying to enter.