Security Basics mailing list archives
Re: keepalive message or not?
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 17 Oct 2002 19:27:34 -0600
On Thu, Oct 17, 2002 at 03:28:35AM +0000, SB CH wrote:
12:24:08.901473 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901481 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901483 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901492 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901498 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) * client.com is my pc name. Surely, I didn't do anything except ssh login and just tcpdump. Is this a keepalive message or not? Please let me know the meaning about this message.
There can really only be one cause. :) Think for a moment where the output of TCPDump is going.... over the ssh connection. Which causes more network traffic, which causes more output, and so on. Try: tcpdump not port 22 Or write the output to a file. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ arlt () cpsc ucalgary ca University Of Calgary (_)/(_) I should be biking right now. Computer Science
Current thread:
- keepalive message or not? SB CH (Oct 17)
- Re: keepalive message or not? Brad Arlt (Oct 18)
- Re: keepalive message or not? Stephane Nasdrovisky (Oct 18)
- <Possible follow-ups>
- Re: keepalive message or not? Dickon Newman (Oct 22)
- Re: keepalive message or not? Jaco van der Schyff (Oct 22)