On 27 Sep, Tom Reinertson wrote:
> Bob,
>
>> Do you happen to be running IP Masquerading? The port numbers look like they are
>> coming from a masqueraded machine.
>
> Yes. I have a Windows machine using the port, however, at the time of the tcpdump I
> had nothing active on the Windows machine -- no ftp, no IE, nada. In fact, at the
> same time, I had another tcpdump on the eth0 connection to be sure no packets were
> coming across from the Windows macine. It was absolutely quiet.
>
>
>> Another possibility, although very unlikely,
>> is that your ISP has its terminal server setup in such a way that it is on a
>> shared media segment. You might then see traffic from others that are logged
>> in. What is the subnet mask on your ppp0 interface when you are logged in? It
>> probably should be something like 255.255.255.252. I just checked mine and it
>> was 255.255.255.255 when diald initiated the connection and 255.255.255.252 when
>> I used the script I wrote when I first signed up with my ISP. I added the
>> "netmask 255.255.255.252" option to my diald.conf file.
>
> Maybe I don't understand your question, but I thought all ppp connections had a
> netmask of 255.255.255.255. I checked with ifconfig and verified that. How could
> it be otherwise? Your idea of a shared media segment is intriguing because, as I
> said in the first post, it looks as if I was watching traffic from some other
> machine whizzing past to the ISP. But since I'm on a ppp connection I don't know
> how that would be possible.
>
> Gyepi suggested that someone may be routing packets thru my machine, but the more I
> think about it, the less reasonable it seems. If I'm on the dead end of a line
> between two machines, how could anything be routed thru me?
>
> If you'll indulge my ASCII art, I will diagram my understanding of my ppp
> connection.
>
>
> /---------------\ /-----------------\
> | | | |
> | ISP: +--pppx--------ppp0--+ |
> | US WEST | | my server |
> | +--pppy----- | |
> | | | |
> | +--pppz----- | |
> | | | |
> \-+----+----+---/ \--------+--------/
> | | | |
> ethx ethy ethz eth0
> | | | |
> |
> |
> eth0
> |
> /-----------------\
> | |
> | my Windows box |
> | |
> | |
> | |
> | |
> \-----------------/
> So it would seem the only traffic thru my server could only be from my Windows box,
> but I am certain it wasn't coming from there. So you see, your shared media segment
> idea has piqued my curiousity.
>
> Tom
>
In stead of running tcpdump, why don't you unplug your WinBox, because
tcpdump should only show you the tcp traffic ???
Niko
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
