<div dir="ltr">I think for some reason etherape is reading data from the WAN side of the firewall.<br><br><div class="gmail_quote">On Mon, Sep 15, 2008 at 4:43 PM, Jim Popovitch <span dir="ltr"><<a href="mailto:yahoo@jimpop.com">yahoo@jimpop.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="Wj3C7c">On Mon, Sep 15, 2008 at 16:19, Mike Harrison <<a href="mailto:meuon@geeklabs.com">meuon@geeklabs.com</a>> wrote:<br>
> On Mon, 15 Sep 2008, Jim Popovitch wrote:<br>
><br>
>> Can anyone explain why etherape (Debian), on a NAT'ed host connected<br>
>> to Comcast, would produce a graphic like this:<br>
>><br>
>> <a href="http://picasaweb.google.com/jimpop/Public#5246085619648929282" target="_blank">http://picasaweb.google.com/jimpop/Public#5246085619648929282</a><br>
>><br>
>> I see IPs in there showing traffic between Korea and Japan :-)<br>
><br>
> There is something very VERY wrong if you got that behind a NAT'd<br>
> firewall. First I'd start, one at a time, unplugging machines<br>
> behind your NAT. if one (or more) of them make that go away, thats<br>
> your source and something is uisng that machine. See the blue line into<br>
> -nothing- from LocalHost? That is very strange. As that the traffic is<br>
> green/IP_unknown or that white line (I can't read it) - Actual port<br>
> numbers can be informative/clueful.<br>
><br>
> It's also possible your firewall itself is poking things through..<br>
> Depending on what else is going on with your systems, this smells bad.<br>
><br>
> Also take a look at what you get with iptraf and possibly even sniffit.<br>
> It will give you more clues, including source MAC addresses that can<br>
> tell you if this is coming from within, or from your router/nat box.<br>
<br>
</div></div>There is nothing else behind the nat other than my laptop. The NAT'ed<br>
wifi is WPA2 and restricted to my MAC only. There is zero traffice<br>
in/out of my box*until* I run etherape. Quite strange indeed.<br>
<br>
-Jim P.<br>
<div><div></div><div class="Wj3C7c">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III <br><br>
</div>