I'm trying to determine what sort of data is coming or going from my domain. The activity lights on my modem and firewall are flashing like crazy regardless of the number of actual computers connected. When I disconnect the systems I still see the traffic. How can I peek onto that side of the firewall?
From the Snapgear Administration Guide, you can do a packet capture direct from the firewall. From the firewall's System menu, click on Diagnostics, then Packet Capture. Once you've got a few seconds' worth of packets, you can view it right from the firewall. Alternately, and what I'd probably recommend, is that you can download the cap file and view it in something like Wireshark. This should at least let you see the type, source, and destination of your traffic. Probably random crap from the Internet being spewed in your direction...
--Christopher Karel
Direct packet dumps (tcpdump, Wireshark, and friends) are good, but you'll probably like something more high-level. If you can get all the traffic (via a hub as already said, or via a Linux or other Unix system with two Ethernet cards in bridging) you can run ntop on that host and see detailed realtime reports of your network traffic.
Probably not a whole lot of exciting things are going on. The lights flash like crazy even when small amounts of data are going across the wire.
If you want to see what's going on, you can sniff the packets. Download and install Wireshark on your computer. Then hook up a hub (hub, not a switch) between your firewall and modem. Plug your computer into the hub, launch Wireshark and start sniffing away.
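Whichever way the capture is taken (the cap file downloaded from the firewall, or one saved by Wireshark on the hub), a quick first pass is to count who is talking to whom and on what port. The script below is an added example, not from any answer above: it parses a classic pcap file with only the standard library and prints the most frequent source/destination/protocol/port tuples; the packets and addresses it reads are constructed in the script.

```python
import socket
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ipv4_frame(src, dst, proto, payload=b""):
    """Constructed Ethernet/IPv4 frame (checksums zeroed; fine for parsing)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + ip_hdr + payload

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file, link type 1 (Ethernet)."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames]
    return head + b"".join(recs)

def parse_pcap(data):
    """Yield (src, dst, proto_name, dst_port) for each IPv4 packet in a pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # ARP, IPv6 etc. are skipped in this example
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        dport = None
        if proto in (6, 17) and len(frame) >= 14 + ihl + 4:
            dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])[1]
        yield src, dst, PROTO_NAMES.get(proto, str(proto)), dport

def top_talkers(data, n=5):
    """Count (src, dst, proto, dport) tuples, most frequent first."""
    return Counter(parse_pcap(data)).most_common(n)

# Constructed sample: repeated unsolicited probes to port 445 from outside,
# one DNS query from the LAN, and one inbound ICMP echo request.
SAMPLE = build_pcap(
    [ipv4_frame("203.0.113.9", "198.51.100.2", 6, struct.pack("!HH", 40000, 445))] * 3
    + [ipv4_frame("198.51.100.2", "198.51.100.1", 17, struct.pack("!HH", 5353, 53))]
    + [ipv4_frame("203.0.113.77", "198.51.100.2", 1, b"\x08\x00\x00\x00")]
)
```

To use it on a real download, replace `SAMPLE` with `open("capture.cap", "rb").read()` and print `top_talkers(...)`; the busiest tuples are what to look at first.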