[ale] etherape + comcast + NAT'ed host

Jim Popovitch yahoo at jimpop.com
Mon Sep 15 16:43:15 EDT 2008


On Mon, Sep 15, 2008 at 16:19, Mike Harrison <meuon at geeklabs.com> wrote:
> On Mon, 15 Sep 2008, Jim Popovitch wrote:
>
>> Can anyone explain why etherape (Debian), on a NAT'ed host connected
>> to Comcast, would produce a graphic like this:
>>
>>    http://picasaweb.google.com/jimpop/Public#5246085619648929282
>>
>> I see IPs in there showing traffic between Korea and Japan :-)
>
> There is something very VERY wrong if you got that behind a NAT'd
> firewall. First I'd start, one at a time, unplugging machines
> behind your NAT. If one (or more) of them makes that go away, that's
> your source and something is using that machine. See the blue line into
> -nothing- from LocalHost? That is very strange. As that the traffic is
> green/IP_unknown or that white line (I can't read it) - Actual port
> numbers can be informative/clueful.
>
> It's also possible your firewall itself is poking things through..
> Depending on what else is going on with your systems, this smells bad.
>
> Also take a look at what you get with iptraf and possibly even sniffit.
> It will give you more clues, including source MAC addresses that can
> tell you if this is coming from within, or from your router/nat box.

There is nothing else behind the nat other than my laptop.  The NAT'ed
wifi is WPA2 and restricted to my MAC only.  There is zero traffic
in/out of my box *until* I run etherape.   Quite strange indeed.

-Jim P.
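
The source-MAC check suggested in the quoted reply, as an added example that is not part of the original thread: it groups frames whose IP endpoints are both off the LAN by the MAC address that put them on the wire. The LAN prefix, MAC addresses and IP addresses are constructed sample values, and the frames are built inline rather than captured.

```python
import ipaddress
import struct
from collections import defaultdict

# Assumed values, not from the thread: LAN prefix, MACs and IPs are constructed.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
ROUTER_MAC = "02:00:00:00:00:01"
LAPTOP_MAC = "02:00:00:00:00:02"

def parse_frame(frame: bytes):
    """Return (src_mac, src_ip, dst_ip) for an untagged IPv4 frame, else None."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4 header
        return None
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        return None                          # ARP, IPv6, VLAN-tagged frames are skipped
    src_ip = ipaddress.ip_address(frame[26:30])
    dst_ip = ipaddress.ip_address(frame[30:34])
    return src_mac.hex(":"), src_ip, dst_ip

def foreign_flows_by_mac(frames):
    """Group flows where neither endpoint is on the LAN by the MAC that sent them."""
    flows = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_mac, src_ip, dst_ip = parsed
        if src_ip not in LOCAL_NET and dst_ip not in LOCAL_NET:
            flows[src_mac].add((str(src_ip), str(dst_ip)))
    return dict(flows)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ethertype=0x0800):
    """Build a constructed sample frame: Ethernet header plus a minimal IPv4 header."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    return eth + struct.pack("!H", ethertype) + ip_hdr

SAMPLE_FRAMES = [
    build_frame(LAPTOP_MAC, ROUTER_MAC, "192.168.1.10", "198.51.100.7"),  # normal outbound
    build_frame(ROUTER_MAC, LAPTOP_MAC, "203.0.113.9", "198.51.100.7"),   # neither end local
    build_frame(LAPTOP_MAC, ROUTER_MAC, "192.168.1.10", "192.168.1.1", ethertype=0x0806),
]

if __name__ == "__main__":
    for mac, pairs in foreign_flows_by_mac(SAMPLE_FRAMES).items():
        print(mac, sorted(pairs))
```

In the sample, the only frame with two non-local endpoints carries the router's source MAC, which points at the router/NAT box rather than a host behind it.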

