[ale] etherape + comcast + NAT'ed host

Jim Kinney jim.kinney at gmail.com
Mon Sep 15 17:02:43 EDT 2008


I think for some reason etherape is reading data from the WAN side of the
firewall.

On Mon, Sep 15, 2008 at 4:43 PM, Jim Popovitch <yahoo at jimpop.com> wrote:

> On Mon, Sep 15, 2008 at 16:19, Mike Harrison <meuon at geeklabs.com> wrote:
> > On Mon, 15 Sep 2008, Jim Popovitch wrote:
> >
> >> Can anyone explain why etherape (Debian), on a NAT'ed host connected
> >> to Comcast, would produce a graphic like this:
> >>
> >>    http://picasaweb.google.com/jimpop/Public#5246085619648929282
> >>
> >> I see IPs in there showing traffic between Korea and Japan :-)
> >
> > There is something very VERY wrong if you got that behind a NAT'd
> > firewall. First I'd start, one at a time, unplugging machines
> > behind your NAT. If one (or more) of them make that go away, that's
> > your source and something is using that machine. See the blue line into
> > -nothing- from LocalHost? That is very strange. As that the traffic is
> > green/IP_unknown or that white line (I can't read it) - Actual port
> > numbers can be informative/clueful.
> >
> > It's also possible your firewall itself is poking things through..
> > Depending on what else is going on with your systems, this smells bad.
> >
> > Also take a look at what you get with iptraf and possibly even sniffit.
> > It will give you more clues, including source MAC addresses that can
> > tell you if this is coming from within, or from your router/nat box.
>
> There is nothing else behind the nat other than my laptop.  The NAT'ed
> wifi is WPA2 and restricted to my MAC only.  There is zero traffic
> in/out of my box *until* I run etherape.   Quite strange indeed.
>
> -Jim P.



-- 
James P. Kinney III
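
The source-MAC check suggested in the quoted reply above, as an added example that is not part of the original thread: it tallies, per source MAC, how many captured frames have both IP endpoints outside the LAN. It assumes text output from `tcpdump -e -n`, a LAN of 192.168.1.0/24, and constructed MAC addresses and documentation-range IPs.

```python
import ipaddress
import re
from collections import Counter

# One IPv4 frame as printed by `tcpdump -e -n` (link-level header included).
FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (?P<dip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# Constructed sample capture (assumed values, not taken from the thread):
# 00:16:cb:aa:bb:01 = laptop, 00:1d:7e:cc:dd:02 = router/NAT box.
SAMPLE = """\
17:02:41.000001 00:16:cb:aa:bb:01 > 00:1d:7e:cc:dd:02, ethertype IPv4 (0x0800), length 74: 192.168.1.100.51234 > 203.0.113.80.80: Flags [S], length 0
17:02:41.020004 00:1d:7e:cc:dd:02 > 00:16:cb:aa:bb:01, ethertype IPv4 (0x0800), length 74: 203.0.113.80.80 > 192.168.1.100.51234: Flags [S.], length 0
17:02:41.500010 00:1d:7e:cc:dd:02 > 00:0c:29:ee:ff:03, ethertype IPv4 (0x0800), length 1514: 198.51.100.7.6881 > 203.0.113.45.6881: Flags [.], length 1448
17:02:41.500950 00:1d:7e:cc:dd:02 > 00:0c:29:ee:ff:03, ethertype IPv4 (0x0800), length 66: 203.0.113.45.6881 > 198.51.100.7.6881: Flags [.], length 0
17:02:42.000000 00:16:cb:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.100, length 28
"""

def frames_by_source_mac(capture_text, local_net="192.168.1.0/24"):
    """Return {source MAC: (total IPv4 frames, frames with no LAN endpoint)}."""
    net = ipaddress.ip_network(local_net)
    total, foreign = Counter(), Counter()
    for line in capture_text.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # ARP, IPv6, continuation lines, etc.
        total[m["smac"]] += 1
        endpoints = (m["sip"], m["dip"])
        # A frame is "foreign" when neither IP endpoint belongs to the LAN.
        if not any(ipaddress.ip_address(ip) in net for ip in endpoints):
            foreign[m["smac"]] += 1
    return {mac: (total[mac], foreign[mac]) for mac in total}

if __name__ == "__main__":
    for mac, (n, f) in frames_by_source_mac(SAMPLE).items():
        print(f"{mac}  frames={n}  no-LAN-endpoint={f}")
```

Foreign frames carrying the router's source MAC point at the router/NAT box as the sender; foreign frames carrying the laptop's own MAC point at the laptop.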