On Sun, 12 Sep 2004 21:38:52 -0400, Michael Monaghan
<mmonaghan at gmail dot com> wrote:
> > Don't think that will work - my cable ISP only allows one machine to connect
> > to the cablemodem. There must be some way to identify the traffic from
> > within m0n0wall... (like netstat -a on a linux box) possibly using
> > exec.php
You can run netstat -a from exec.php just like you can on Linux, but
that only shows connections to and from the m0n0wall itself.
I have a hub between my m0n0wall and my cable modem, and use trafshow
on a system on that hub to see what is being passed.
You could also go to /status.php and check the 'ipnat -lv' to see your
state table, that might help some.
> Most cables MODEMS will MAC lock to the first adapter to attach.
Actually it's the ISP that locks it to the first adapter's MAC
address, generally. Many times any subsequent MAC addresses get
assigned a private IP that redirects any web requests to a new
computer registration page, where you can change the MAC that is
active, so you can get a public IP on the machine.
Back to the point...
> won't stop the second computer from sniffing the connection. You
> won't be able to surf or do name resolution but you'll still be able
> to capture packets. You might have to assign a static IP but it
> doesn't matter what the address is because the sniffing is done in
> promiscuous (sp?) mode and the IP doesn't enter into the equation.
That's exactly right.