[ale] etherape + comcast + NAT'ed host
    Jim Kinney 
    jim.kinney at gmail.com
       
    Mon Sep 15 17:02:43 EDT 2008
    
    
  
I think for some reason etherape is reading data from the WAN side of the
firewall.
On Mon, Sep 15, 2008 at 4:43 PM, Jim Popovitch <yahoo at jimpop.com> wrote:
> On Mon, Sep 15, 2008 at 16:19, Mike Harrison <meuon at geeklabs.com> wrote:
> > On Mon, 15 Sep 2008, Jim Popovitch wrote:
> >
> >> Can anyone explain why etherape (Debian), on a NAT'ed host connected
> >> to Comcast, would produce a graphic like this:
> >>
> >>    http://picasaweb.google.com/jimpop/Public#5246085619648929282
> >>
> >> I see IPs in there showing traffic between Korea and Japan :-)
> >
> > There is something very VERY wrong if you got that behind a NAT'd
> > firewall. First I'd start, one at a time, unplugging machines
> > behind your NAT. if one (or more) of them make that go away, thats
> > your source and something is uisng that machine. See the blue line into
> > -nothing- from LocalHost? That is very strange. As that the traffic is
> > green/IP_unknown or that white line (I can't read it) - Actual port
> > numbers can be informative/clueful.
> >
> > It's also possible your firewall itself is poking things through..
> > Depending on what else is going on with your systems, this smells bad.
> >
> > Also take a look at what you get with iptraf and possibly even sniffit.
> > It will give you more clues, including source MAC addresses that can
> > tell you if this is coming from within, or from your router/nat box.
>
> There is nothing else behind the nat other than my laptop.  The NAT'ed
> wifi is WPA2 and restricted to my MAC only.  There is zero traffice
> in/out of my box*until* I run etherape.   Quite strange indeed.
>
> -Jim P.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
-- 
-- 
James P. Kinney III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20080915/aaed9908/attachment.html 
    
    
More information about the Ale
mailing list