Traffic misidentification on routing host #447

Open
@cyqsimon

Three machines are involved here:

  • My personal laptop A, connected to the local network (green).
  • The server S that routes traffic between the local network and the OpenVPN subnet, on which bandwhich is running.
    • S has two addresses - a local network address Slocal and an OpenVPN subnet address Svpn.
  • A remote client machine B connected to the OpenVPN subnet (cyan).
    • B has two addresses - a public address Bpub and an OpenVPN subnet address Bvpn.

Misidentified traffic

Here I am initiating a file transfer on A using scp from A to Bvpn, so on layer 4 the connection should be from A:56994 to Bvpn:22.

But bandwhich seems to believe that it's from A:56994 to Slocal:22 instead, and by extension believes that this traffic should be attributed to the local sshd process.


I think I've got some clues on what's wrong. Help welcomed nonetheless.


Labels: bug, help wanted
