I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.
The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which became available natively for Mac like 2 years ago).
Which means that you can download captures and open them in Wireshark.
So it’s as easy as 1, 2, 3:
- Set up the capture on your router (https://a.b.c.d/diag_packet_capture.php) and start it
- Stop the capture and download the file
- Open the file in Wireshark or convert it to text using tshark
–jeroen
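For the last step, when tshark is not at hand: an added example (not part of the original post) that sanity-checks a downloaded capture and converts it to one text line per IPv4 packet. It assumes the download is a classic libpcap file with Ethernet link type; `pcap_to_text` and `sample_capture` are names made up for this sketch, and the sample packet is constructed.

```python
import io
import socket
import struct

PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def pcap_to_text(stream):
    """Return one summary line per IPv4-over-Ethernet packet in a classic pcap stream."""
    header = stream.read(24)
    # The magic number tells us the byte order the capturing host used.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if len(header) < 24 or endian is None:
        raise ValueError("not a classic libpcap file (pcapng, truncated or corrupt?)")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    if linktype != 1:  # 1 = Ethernet
        raise ValueError(f"unsupported link type {linktype}")
    lines = []
    while True:
        rec = stream.read(16)  # per-packet record header
        if len(rec) < 16:
            break
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            break  # download cut off mid-packet
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip anything that is not IPv4 (ARP, IPv6, ...)
        ip = frame[14:]
        proto = PROTOS.get(ip[9], str(ip[9]))
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        lines.append(f"{ts_sec}.{ts_usec:06d} {src} > {dst} {proto} len={orig_len}")
    return lines

def sample_capture():
    """Constructed sample: one UDP packet between documentation addresses."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1"))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1700000000, 250, len(frame), len(frame))
    return glob + rec + frame

if __name__ == "__main__":
    for line in pcap_to_text(io.BytesIO(sample_capture())):
        print(line)
```

For a real download, pass `open(path, "rb")` to `pcap_to_text`, where `path` is wherever you saved the capture.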