Security Basics mailing list archives

Re: keepalive message or not?


From: "Stephane Nasdrovisky" <stephane.nasdrovisky () uniway be>
Date: Fri, 18 Oct 2002 10:19:51 +0200


Keepalives do not contain data (2801:2841(40) means your TCP contains
40 bytes). It seems you are not receiving the acknowledgement from the
server, which is why the client sent the same 40 bytes forever.

It could be an ACL in the path blocking non-SYN packets.

SB CH wrote:

I remotely connected to my server using ssh and executed this:

# tcpdump tcp

and I can see lots of packets like this.

12:24:08.901473 eth0 < client.com.2157 > www.server.com.ssh: P
2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901481 eth0 < client.com.2157 > www.server.com.ssh: P
2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901483 eth0 < client.com.2157 > www.server.com.ssh: P
2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901492 eth0 < client.com.2157 > www.server.com.ssh: P
2801:2841(40) ack 13496 win 16736 (DF)
12:24:08.901498 eth0 < client.com.2157 > www.server.com.ssh: P
2801:2841(40) ack 13496 win 16736 (DF)

* client.com is my pc name.

Surely, I didn't do anything except ssh login and just tcpdump.

Is this a keepalive message or not?

Please let me know the meaning of this message.

Thanks in advance.

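The distinction drawn in the reply above, shown as an added example that is not part of the original thread: a small classifier that reads old-style tcpdump lines and separates repeated data segments from keepalive probes. The function name `classify`, the keepalive rule (sequence number one below the next expected, zero or one byte, per RFC 1122 section 4.2.3.6) and the last two sample lines are assumptions added here; the first three sample lines are the capture from the thread, joined onto one line each.

```python
import re

# Old-style tcpdump line: "src > dst: FLAGS first:last(len) ack N win W"
SEG = re.compile(r"(\S+) > (\S+): (\S+) (?:(\d+):(\d+)\((\d+)\) )?ack (\d+)")

def classify(lines):
    """Label each segment: data, retransmission, keepalive-probe or pure-ack."""
    seen = set()     # (flow, first, last) ranges already sent with payload
    highest = {}     # flow -> highest sequence number sent so far
    labels = []
    for line in lines:
        m = SEG.search(line)
        if not m:
            labels.append("unparsed")
            continue
        flow = (m.group(1), m.group(2))
        if m.group(4) is None:          # no seq range printed: bare ACK
            labels.append("pure-ack")
            continue
        first, last, length = (int(m.group(i)) for i in (4, 5, 6))
        nxt = highest.get(flow)
        if length <= 1 and nxt is not None and first == nxt - 1:
            # Keepalive probe: one below the next sequence number,
            # carrying zero or one garbage byte.
            labels.append("keepalive-probe")
        elif (flow, first, last) in seen:
            # Same payload range sent again: the ACK never arrived.
            labels.append("retransmission")
        else:
            labels.append("data")
            seen.add((flow, first, last))
        highest[flow] = max(nxt or 0, last)   # sequence wraparound is ignored
    return labels

FLOW = "eth0 < client.com.2157 > www.server.com.ssh: "
SAMPLE = [
    "12:24:08.901473 " + FLOW + "P 2801:2841(40) ack 13496 win 16736 (DF)",
    "12:24:08.901481 " + FLOW + "P 2801:2841(40) ack 13496 win 16736 (DF)",
    "12:24:08.901483 " + FLOW + "P 2801:2841(40) ack 13496 win 16736 (DF)",
    # The two lines below are constructed for this example.
    "12:26:08.000000 " + FLOW + ". 2840:2841(1) ack 13496 win 16736 (DF)",
    "12:26:08.000100 " + FLOW + ". ack 13496 win 16736 (DF)",
]

if __name__ == "__main__":
    for label, line in zip(classify(SAMPLE), SAMPLE):
        print(f"{label:16} {line}")
```
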

