Monday, July 19, 2004

The power to be sure

I fixed a new DSL connection and for the life of me, I could not get the server to work. I wanted to host my own DNS server and had set up a firewall with a DMZ and everything. The connection gave me 5 IP addresses which I could use. I could browse, which meant the connection was up, but I couldn't access the DNS server from other machines on the Internet.

After ensuring all the routing and firewall rules did not interfere with what I wanted to do, it finally dawned on me that I needed to see the actual packets themselves. I needed to see the network.

The best program for this by far is Ethereal. I had an old hub lying around, so I used that to create a primitive network tap between the DSL modem and the firewall. The hub would retransmit all the communication between the firewall and the DSL modem. Ethereal was running on another PC connected to the hub and would capture and decipher this for me. Ethereal is wonderful at filtering. I found out that although I could browse the web and see the packets from the firewall to the DSL modem, whenever I tried to access the DNS server from another Internet connection, there would be no traffic for that server or that protocol. Essentially, it was as if I was behind another firewall. Tracerouting led me to just one hop before it should hit the server, the DSL router at the ISP. Something was definitely not right.

What amazed me most is the ability to use tools like Ethereal at almost no cost. A few years ago, this would have meant I had to do a lot of guessing or cough up a lot of money for a network analyzer.

Now, I can choke my ISP (for an answer) much faster.
