This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there a method for determining if a particular entry(s) in a network trace are being blocked by ACLs? If so, can you help me identify where in the trace it would show the packet being rejected/blocked?

For example, we've written ACLs to prevent traffic on certain ports directed toward a particular host. In the network trace I see the client and host entries on the defined ports. But I can't tell if they are being blocked. We do see the counters on our firewall going up, so that's a good indication our ACL is working. But was hoping Wireshark would somehow confirm the traffic is being blocked. Please let me know if I can provide a better example or further information. Appreciate the help.

asked 09 Mar '12, 04:17

sdeb


<trivial mode>
In order to know if something is blocked, you would need to make a trace on both sides of the blocking device and compare the packets.
</trivial mode>

If you can only capture packets on one side of the connection, then you could deduce some information about the ACLs, but you are never sure. For instance, capturing on the client side of the filtering device could show you SYN packets being sent, but no SYN/ACK coming back. This could be due to the ACL, but also due to a routing problem, the server not being up, etc.

answered 09 Mar '12, 04:37

SYN-bit ♦♦

edited 09 Mar '12, 04:38
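
The two-sided comparison described in the answer above, as an added example that is not part of the original post: it classifies each client SYN using a capture from one or both sides of the filtering device. The `Pkt` field layout, the flag abbreviations, the sample packets and the no-NAT assumption are all constructed for illustration.

```python
from collections import namedtuple

# One TCP packet as exported from a capture (field layout is an assumption).
Pkt = namedtuple("Pkt", "src sport dst dport flags seq")

def key(p):
    """Identity of a packet that survives forwarding (assumes no NAT)."""
    return (p.src, p.sport, p.dst, p.dport, p.flags, p.seq)

def classify_syns(client_side, server_side=None):
    """Map each client SYN flow to what the captures can actually prove."""
    # Flows for which the client-side capture shows a SYN/ACK or RST reply.
    replies = {(p.dst, p.dport, p.src, p.sport)
               for p in client_side if p.flags in ("SA", "R", "RA")}
    far = {key(p) for p in server_side} if server_side is not None else None
    verdicts = {}
    for p in client_side:
        if p.flags != "S":
            continue
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in replies:
            verdicts[flow] = "answered"
        elif far is None:
            # One-sided capture: ACL, routing or a dead server all look alike.
            verdicts[flow] = "no reply (cause unknown)"
        elif key(p) in far:
            verdicts[flow] = "reached far side, no reply seen at client"
        else:
            verdicts[flow] = "dropped between capture points"
    return verdicts

# Constructed sample captures (addresses from documentation ranges).
CLIENT = [
    Pkt("192.0.2.10", 40001, "198.51.100.5", 80, "S", 1000),
    Pkt("198.51.100.5", 80, "192.0.2.10", 40001, "SA", 5000),
    Pkt("192.0.2.10", 40002, "198.51.100.5", 23, "S", 2000),
    Pkt("192.0.2.10", 40002, "198.51.100.5", 23, "S", 2000),  # retransmit
    Pkt("192.0.2.10", 40003, "198.51.100.5", 8080, "S", 3000),
]
SERVER = [
    Pkt("192.0.2.10", 40001, "198.51.100.5", 80, "S", 1000),
    Pkt("198.51.100.5", 80, "192.0.2.10", 40001, "SA", 5000),
    Pkt("192.0.2.10", 40003, "198.51.100.5", 8080, "S", 3000),
]

if __name__ == "__main__":
    for flow, verdict in classify_syns(CLIENT, SERVER).items():
        print(flow, "->", verdict)
```

With only `CLIENT` supplied, the port 23 and port 8080 flows get the same verdict; the second capture is what separates a drop in the path from a server that never answered.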
