Ethereal-users: [Ethereal-users] Ethereal generating PIM traffic??? Trojan???

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Duncan Thomson <duncant@xxxxxxxxx>
Date: Wed, 27 Aug 2003 17:41:19 -0400

I have ethereal (version 0.9.4, I think) on a Win2K box.  I also have "zone
alarm pro" personal firewall on the same box.  Lately I've been seeing some
suspicious things alerted by zone alarm, so I fired up ethereal to see if I
could figure out what's going on.  Then things got even stranger.  As long
as an ethereal capture is running, zone alarm gives me alerts about protocol
independent multicast and OSPFIGP traffic (IP protocols 89 and 103) being
routed through my machine.  Forwarding is turned OFF on my machine, so this
should not happen. The traffic does NOT show up within the ethereal
capture.  It only shows up in zone alarm when an ethereal capture is
running.  

Is Ethereal somehow interacting with Win2K to make it start routing when the
capture is running?  Putting the interface into promiscuous mode maybe is
causing an unexpected result?  Or is there some kind of malicious code
involved?  What the *&(*&(*^^%&%!! is going on?

Anyone have any clues?

Thanks,

Duncan