When a computer behind a NAT makes a request to a site on the other side,
say port 80 at some ip address, the NAT forwards the request with its ip
address and assigns a port for the response to be returned on. Any
request/response not matching a request from the NAT is rejected, thus
blocking unsolicited request/responses.
I would like to use Ethereal to capture packets of traffic not matching a
request from the NAT.
So if Ethereal was to see a packet from 1.2.3.4 port 3597 but Ethereal had
not seen a request from the NAT matching this (within last n seconds), then
it would capture that packet.
Syntax might look something like this:
not NAT <ip address> <timeout>
<ip address> is IP Address of the NAT device.
<timeout> is the length of time request by the NAT are kept by Ethereal for
matching responses.
Conversely, NAT <ip address> <timeout>, would capture packets matching
request by the NAT.
----- Original Message -----
From: "Ulf Lamping" <ulf.lamping@xxxxxx>
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Sent: Saturday, April 30, 2005 12:59 PM
Subject: Re: [Ethereal-users] Feature for NAT Capture Filter
Al Stu wrote:
Anyone besides me think a NAT capture filter be a good feature
addition to Ethereal?
For example, Ethereal sniffing on WAN (ISP) side of NAT and capturing
any packets not matching up to a request from the NAT.
Hi!
First of all, the capture filters are not implemented in Ethereal, but
in libpcap/Winpcap. So you should send such requests to the proper lists.
Second, I don't really understand what you are trying to do, what do you
mean by: "not matching up to a request from the NAT"?
Regards, ULFL
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
