Security Basics mailing list archives
Re: keepalive message or not?
From: "Stephane Nasdrovisky" <stephane.nasdrovisky () uniway be>
Date: Fri, 18 Oct 2002 10:19:51 +0200
Keepalives do not contains data (2801:2841(40) means your tcp contains 40 bytes). It seems you are not receiving the acknowledge from the server, which is why the client sent the same 40 bytes forever It could be an ACL in the path blocking non syn packets. SB CH wrote:
I remote connected my server using ssh and executed like this. # tcpdump tcp and I can see so lots of packets like this. 12:24:08.901473 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901481 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901483 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901492 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) 12:24:08.901498 eth0 < client.com.2157 > www.server.com.ssh: P 2801:2841(40) ack 13496 win 16736 (DF) * client.com is my pc name. Surely, I didn't do anything except ssh login and just tcpdump. Is this a keepalive message or not? Please let me know the meaning about this message. Thanks in advance. _________________________________________________________________ Áõ±Ç Á¤º¸ °¡Àå ºü¸£°í ÆíÇÏ°Ô º¸½Ç ¼ö ÀÖ½À´Ï´Ù. MSN Áõ±Ç/ÅõÀÚ http://www.msn.co.kr/stock/
Current thread:
- keepalive message or not? SB CH (Oct 17)
- Re: keepalive message or not? Brad Arlt (Oct 18)
- Re: keepalive message or not? Stephane Nasdrovisky (Oct 18)
- <Possible follow-ups>
- Re: keepalive message or not? Dickon Newman (Oct 22)
- Re: keepalive message or not? Jaco van der Schyff (Oct 22)