Security Basics mailing list archives

Re: keepalive message or not?

From: "Dickon Newman" <dnewman () skylan net>
Date: Mon, 21 Oct 2002 16:34:56 -0400

You'll see ssh packets because you are connected via ssh.  Any data sent to
you (all the text for your tcpdump and other messages) will show up in the
dump!

Sometimes I like to filter out those packets:  tcpdump not port 22

That way you wont see all the packets involving your ssh session.

----- Original Message -----
From: "SB CH" <chulmin2 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Sunday, October 20, 2002 8:46 PM
Subject: keepalive message or not?

Hello,all.

So sorry,I corrected tcpdump result.
please re see my question.

I remote connected my server using ssh and executed like this.

# tcpdump tcp

 and I can see so lots of packets like this.

09:43:22.517945 eth0 < client.56166 > server.ssh: .
3410978287:3410978287(0) ack 3409179220 win 33728 (DF) [tos 0x10]
09:43:22.517984 eth0 > server.ssh > client.56166: P 1:97(96) ack 0 win
10720 (DF)
09:43:22.518199 eth0 < client.56166 > server.ssh: . 0:0(0) ack 97 win

(DF) [tos 0x10]
09:43:22.518242 eth0 > server.ssh > client.56166: P 97:201(104) ack 0 win
10720 (DF)
09:43:22.518445 eth0 < client.56166 > server.ssh: . 0:0(0) ack 201 win
33728 (DF) [tos 0x10]
09:43:22.519078 eth0 > server.ssh > client.56166: P 201:401(200) ack 0 win
10720 (DF)
09:43:22.519328 eth0 < server.56166 > client.ssh: . 0:0(0) ack 401 win
33728 (DF) [tos 0x10]
09:43:22.519377 eth0 > server.ssh > client.56166: P 401:561(160) ack 0 win
10720 (DF)
09:43:22.519602 eth0 < client.56166 > server.ssh: . 0:0(0) ack 561 win
33728 (DF) [tos 0x10]
09:43:22.519636 eth0 > server.ssh > client.56166: P 561:729(168) ack 0 win
10720 (DF)


 * client is my pc name.

 Surely, I didn't do anything except ssh login and  just tcpdump.

 Is this a keepalive message or not?

 Please let me know the meaning about this message.

 Thanks in advance.


_________________________________________________________________
확인하자 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드
http://www.msn.co.kr/fortune/default.asp

Current thread:

keepalive message or not? SB CH (Oct 17)
- Re: keepalive message or not? Brad Arlt (Oct 18)
- Re: keepalive message or not? Stephane Nasdrovisky (Oct 18)
- <Possible follow-ups>
- Re: keepalive message or not? Dickon Newman (Oct 22)
- Re: keepalive message or not? Jaco van der Schyff (Oct 22)