Posted by Todd H. on December 14, 2007, 12:56 am
> >
> >> When my cable modem is connected only to power and cable,
> >> the "Activity" light flickers irregularly several times per
> >> second, indefinitely. This seems odd, since (I presume) no
> >> activity has been requested.
> >>
> >> Is this normal? If so, what is this activity?
> >
> > Most likely, the steady stream of attacks any host on the internet
> > receives.
>
> That would certainly make interesting reading.
>
> >> The best way I can think of to address this question is to
> >> snoop the ethernet at the cable-modem's port, but that seems
> >> like overkill and would be slightly disruptive. Still, I'll
> >> do it if nobody has a better suggestion.
> >
> > Don't fear the sniffing. :-) It shouldn't be disruptive. Any chance
> > to use wireshark makes for a good day. :-)
> >
> > I might crack out the ole hub and give it a whirl myself.
>
> Ah, the motto of the mongoose family: Run and find out!
> I like it.
>
> The disruption would not be the sniffing itself, but the
> interruption to my housemates' internet life (including
> our telephone service) during the recabling process.

??? How slow are ya? Plug the power into the hub plus a short cable
into the hub. Hold its other end in your left hand. Hold cable
that's in the cable modem's ethernet jack in right hand. Unplug
cable modem line, put it in the router, plug that cable in your
right hand into the cable modem, downtime less than 1 second. No
one would notice unless you've got active ssh users.

> Also, I only have a slow, old hub.

Cable modems still aren't faster than an old hub with only one device
talking. Your sniffer machine that you plug into the hub could be
configured to not even have an IP address, and quietly sit there and
sniff the wire.

The old hub is probably still faster than cable modem speeds.

> Also, I have no clue how the cable modem will react to either (1)
> DHCP requests from *both* my Linux computer and our VoIP telephone
> adapter, or (2) my Linux computer using a 192.168.1.x IP address.
> As you can see, I'm overflowing with ignorance, particularly
> regarding the cable modem's duties.
>
> Thanks for your attention.

Unless I'm misunderstanding your setup, we have:

Before:

  cable modem -----natrouter/switch--- all yer computers

After:

  cable modem --HUB--natrouter/switch--all yer other computers
                 |
                 +--- 1 computer without an IP assigned running wireshark

Everything looks the same to the cable modem right down to the
physical layer. A cable gets replaced with 2 cables and a hub. At
most the cable modem starts talking 10mbps half duplex vs 10mbps full
duplex over its ethernet interface. It doesn't see any additional
machines or dhcp requests or anything it wasn't before.

Instead of wireshark, what'd be more interesting to run on the
sniffing computer would be snort, an intrusion detection system that
will tell you specifically what attacks are coming in:

http://snort.org/

Best Regards,
--
Todd H.
http://www.toddh.net/
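
An added example, not part of the post above: one way to answer the original question once the hub capture exists is to tally the unsolicited frames by kind. It assumes the capture was saved as a classic little-endian pcap file (the format tcpdump -w writes); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def classify(frame):
    """Label one Ethernet frame: ARP, inbound TCP SYN, UDP, or other."""
    if len(frame) < 14:
        return "truncated"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == 0x0806:
        return "arp"
    if ethertype != 0x0800 or len(frame) < 34:
        return "other"
    l4 = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length comes from the IHL field
    if frame[23] == 6 and len(frame) >= l4 + 14:
        (dport,) = struct.unpack_from("!H", frame, l4 + 2)
        syn_only = (frame[l4 + 13] & 0x12) == 0x02  # SYN set, ACK clear
        return f"tcp-syn:{dport}" if syn_only else "tcp-other"
    if frame[23] == 17 and len(frame) >= l4 + 4:
        return "udp:%d" % struct.unpack_from("!H", frame, l4 + 2)
    return "ip-other"

def summarize_pcap(data):
    """Count frames per label in a classic little-endian Ethernet pcap."""
    magic, linktype = struct.unpack_from("<I16xI", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        counts[classify(data[off + 16: off + 16 + incl_len])] += 1
        off += 16 + incl_len
    return counts

# Constructed sample capture: documentation addresses, checksums left at zero.
ETH = b"\xff" * 6 + b"\x02" * 6
def _ip(proto, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes([198, 51, 100, 7]), bytes([203, 0, 113, 9]))
    return ETH + b"\x08\x00" + hdr + l4
def _tcp(dport, flags):
    return _ip(6, struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0))
def _pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
SAMPLE = _pcap([ETH + b"\x08\x06" + bytes(28)] * 3 + [_tcp(23, 0x02)] * 2 +
               [_tcp(445, 0x02), _tcp(80, 0x12), _ip(17, struct.pack("!HHHH", 40000, 1434, 8, 0))])

if __name__ == "__main__":
    print(summarize_pcap(SAMPLE).most_common())
```

A high ARP count points at ordinary broadcast chatter on the cable segment, while SYN-only packets to closed ports are the unsolicited probes the replies describe.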