Security Basics mailing list archives

Re: keepalive message or not?


From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 17 Oct 2002 19:27:34 -0600

On Thu, Oct 17, 2002 at 03:28:35AM +0000, SB CH wrote:
12:24:08.901473 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901481 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901483 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901492 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901498 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF)

* client.com is my pc name.

Surely, I didn't do anything except ssh login and just tcpdump.

Is this a keepalive message or not?

Please let me know the meaning about this message.

There can really only be one cause. :)

Think for a moment where the output of TCPDump is going....  over the
ssh connection.  Which causes more network traffic, which causes more
output, and so on.

Try:

tcpdump not port 22

Or write the output to a file.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
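
An added example, not part of the original post: `not port 22` also hides every other SSH connection on the host, so this sketch goes a step further and excludes only the session the capture is being typed into. It assumes the login is through OpenSSH, whose sshd exports `SSH_CONNECTION`; the function name `own_session_filter` and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Build a tcpdump/pcap filter that drops only the current SSH session,
# breaking the "capture output travels over the captured link" loop
# while leaving other port-22 traffic visible.
#
# sshd sets SSH_CONNECTION="<client ip> <client port> <server ip> <server port>".
# own_session_filter is a hypothetical helper name, not a tcpdump feature.
own_session_filter() {
    conn=${1:-$SSH_CONNECTION}

    # Not logged in over SSH: nothing feeds back, so no filter is needed.
    [ -n "$conn" ] || return 0

    # Split the four space-separated fields into $1..$4.
    set -- $conn
    if [ $# -ne 4 ]; then
        echo "unexpected SSH_CONNECTION value: $conn" >&2
        return 1
    fi

    # Link-local IPv6 addresses carry a "%interface" scope suffix that
    # pcap filter syntax does not accept, so strip it.
    client=${1%%\%*}
    server=${3%%\%*}

    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$client" "$2" "$server" "$4"
}

# Constructed sample value (documentation addresses, client port from the trace above).
own_session_filter "192.0.2.10 2157 198.51.100.5 22"

# Typical use on the remote host (left commented out because it needs root and a live interface):
#   tcpdump -n "$(own_session_filter)"
```
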

