Was looking at a Wireshark for some SIP stuff after running a tcpdump from the shell and while reading it I noticed nothing was NAT'd in the .pcap. I forgot to filter by interface so I was seeing the traffic related to both Port 1.4 and Port 2, but since the ports were always 5060/5060, it doesn't look like I was seeing the traffic post-NAT. When looking on the log server in my HPBX, everything looked like it had gone through a NAT like normal.
Two questions as a follow-up:
Where does NAT occur in the flow through XG?
Is there a way to do a capture such that I can see pre and/or post NAT in the .pcap? I usually use tcpdump in Sophos XG since I'm not sure how to export to .pcap from the web UI. I'm figuring I did something wrong to be honest. My tcpdump syntax was: tcpdump host 192.168.4.102 -vv -w mitel.pcap
Thanks!