Bob,

> Do you happen to be running IP Masquerading?  The port numbers look like they are
> coming from a masqueraded machine.

Yes.  I have a Windows machine using the port, however, at the time of the tcpdump I
had nothing active on the Windows machine -- no ftp, no IE, nada.  In fact, at the
same time, I had another tcpdump on the eth0 connection to be sure no packets were
coming across from the Windows machine.  It was absolutely quiet.


>  Another possibility, although very unlikely,
> is that your ISP has its terminal server setup in such a way that it is on a
> shared media segment.  You might then see traffic from others that are logged
> in.  What is the subnet mask on your ppp0 interface when you are logged in?  It
> probably should be something like 255.255.255.252.  I just checked mine and it
> was 255.255.255.255 when diald initiated the connection and 255.255.255.252 when
> I used the script I wrote when I first signed up with my ISP.  I added the
> "netmask 255.255.255.252" option to my diald.conf file.

Maybe I don't understand your question, but I thought all ppp connections had a
netmask of 255.255.255.255.  I checked with ifconfig and verified that.  How could
it be otherwise?  Your idea of a shared media segment is intriguing because, as I
said in the first post, it looks as if I was watching traffic from some other
machine whizzing past to the ISP.  But since I'm on a ppp connection I don't know
how that would be possible.

Gyepi suggested that someone may be routing packets thru my machine, but the more I
think about it, the less reasonable it seems.  If I'm on the dead end of a line
between two machines, how could anything be routed thru me?

If you'll indulge my ASCII art, I will diagram my understanding of my ppp
connection.


/---------------\                    /-----------------\
|               |                    |                 |
|  ISP:         +--pppx--------ppp0--+                 |
|   US WEST     |                    |     my server   |
|               +--pppy-----         |                 |
|               |                    |                 |
|               +--pppz-----         |                 |
|               |                    |                 |
\-+----+----+---/                    \--------+--------/
  |    |    |                                 |
 ethx ethy ethz                              eth0
  |    |    |                                 |
                                              |
                                              |
                                             eth0
                                              |
                                     /-----------------\
                                     |                 |
                                     |  my Windows box |
                                     |                 |
                                     |                 |
                                     |                 |
                                     |                 |
                                     \-----------------/

So it would seem the only traffic thru my server could only be from my Windows box,
but I am certain it wasn't coming from there.  So you see, your shared media segment
idea has piqued my curiosity.

Tom



