Wireshark mailing list archives
Re: TCP Retransmission question
From: Shain Singh <shain.singh () gmail com>
Date: Tue, 21 Jun 2011 19:17:02 +1000
xxx.xxx.xxx.112 68.168.113.155 SSH [TCP Retransmission] Encrypted response packet len=35 68.168.113.155 xxx.xxx.xxx.112 TCP [TCP Previous segment lost] 33514 > ssh [ACK] Seq=21 Ack=36 Win=5888 Len=0 TSV=3950744190 TSER=4316095 SLE=1 SRE=36 68.168.113.155 xxx.xxx.xxx.112 SSHv2 [TCP Retransmission] Client Protocol: SSH-2.0-libssh-0.1\r
Haver you got SSH configured on the host computer to port forward to the servers (Are the virtual hosts in bridged or NAT mode?) - Looks to be bridged. I would have thought that this could just be someone 'trying' to brute force SSH. It doesn't necessarily mean they have been able to successfully connect from the logs above unless I am missing something. Have a scroll through you logs for successful/unsuccessful attempts on SSH. -- Shaineel Singh e: shain.singh () gmail com p: +61 422 921 951 w: http://buffet.shainsingh.com -- "Too many have dispensed with generosity to practice charity" - Albert Camus
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- TCP Retransmission question Thomas Anderson (Jun 21)
- Re: TCP Retransmission question ronnie sahlberg (Jun 21)
- Re: TCP Retransmission question Shain Singh (Jun 21)
- Re: TCP Retransmission question Thomas Anderson (Jun 21)
- Re: TCP Retransmission question Shain Singh (Jun 21)
- Re: TCP Retransmission question Andrew Hood (Jun 21)
- Re: TCP Retransmission question Anthony Murabito (Jun 21)
- Re: TCP Retransmission question Thomas Anderson (Jun 21)