Wireshark · Ethereal-users: [Ethereal-users] Two firewalls two different packet captures

Ethereal-users: [Ethereal-users] Two firewalls two different packet captures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Don C Weber <dcweber@xxxxxxxxxxxx>

Date: Mon, 16 May 2005 13:11:30 -0500

I have looked for information about this but I guess I am asking (Googling)
the wrong questions.  I ran a Nmap syn scan of a computer protected by a
Kerio firewall and monitored the protected interface with Ethereal.  I was
rewarded with a list of 3326 syn and 12 arp packets coming in but no
responses going out.  This part I understand.  But when I disabled the
Kerio firewall, enabled the firewall that comes with my Cisco VPN client,
and reran the scan all Ethereal captured were the 12 arp packets.  The scan
results on the Nmap side were identical and all ports scanned were reported
as filtered.

My question is this:  is the system protected better by the Cisco firewall?
Could another application intercept and exploit network traffic before the
Kerio firewall?

I want to avoid talking about how an application would need administrative
rights to capture the traffic before Kerio.  This I understand.  I am more
interested in the flow logic and why I had different results from what
should be similar software.

Thanks,
Cutaway

Follow-Ups:
- Re: [Ethereal-users] Two firewalls two different packet captures
  - From: Ulf Lamping

Prev by Date: [Ethereal-users] saving RTP to au: sources out of sync?!
Next by Date: Re: [Ethereal-users] 64 bit machines
Previous by thread: [Ethereal-users] saving RTP to au: sources out of sync?!
Next by thread: Re: [Ethereal-users] Two firewalls two different packet captures
Index(es):
- Date
- Thread