Wireshark mailing list archives

Re: TCP Retransmission question

From: Shain Singh <shain.singh () gmail com>
Date: Tue, 21 Jun 2011 19:17:02 +1000


xxx.xxx.xxx.112 68.168.113.155  SSH     [TCP Retransmission] Encrypted
response packet len=35
68.168.113.155  xxx.xxx.xxx.112 TCP     [TCP Previous segment lost] 33514 >
ssh [ACK] Seq=21 Ack=36 Win=5888 Len=0 TSV=3950744190 TSER=4316095
SLE=1 SRE=36
68.168.113.155  xxx.xxx.xxx.112 SSHv2   [TCP Retransmission] Client
Protocol: SSH-2.0-libssh-0.1\r

Haver you got SSH configured on the host computer to port forward to the
servers (Are the virtual hosts in bridged or NAT mode?) - Looks to be
bridged.
I would have thought that this could just be someone 'trying' to brute force
SSH. It doesn't necessarily mean they have been able to successfully connect
from the logs above unless I am missing something.

Have a scroll through you logs for successful/unsuccessful attempts on SSH.


-- 
Shaineel Singh
e: shain.singh () gmail com
p: +61 422 921 951
w: http://buffet.shainsingh.com

--
"Too many have dispensed with generosity to practice charity" - Albert Camus

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

TCP Retransmission question Thomas Anderson (Jun 21)
- Re: TCP Retransmission question ronnie sahlberg (Jun 21)
- Re: TCP Retransmission question Shain Singh (Jun 21)
  - Re: TCP Retransmission question Thomas Anderson (Jun 21)
    - Re: TCP Retransmission question Shain Singh (Jun 21)
    - Re: TCP Retransmission question Andrew Hood (Jun 21)
    - Re: TCP Retransmission question Anthony Murabito (Jun 21)