Security Basics mailing list archives

Re: keepalive message or not?

From: "Jaco van der Schyff" <jvds () netgroup co za>
Date: Mon, 21 Oct 2002 22:38:24 +0200

Have you ever had a mirror in front of you and at your back?
Have you noticed the image of yourself being reflected into infinity?

That is what you are seeing in the tcpdump mirror, the packets
that are dumped, are the packets sent to you to display
the output of tcpdump on your terminal, thus the whole process
continues into the every reaching void of your computer circuitry,

<<hope this makes sense>>

--insert fitting haiku here--


- Jaco
jvds () netgroup co za


----- Original Message -----
From: "SB CH" <chulmin2 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Monday, October 21, 2002 2:46 AM
Subject: keepalive message or not?

Hello,all.

So sorry,I corrected tcpdump result.
please re see my question.

I remote connected my server using ssh and executed like this.

# tcpdump tcp

 and I can see so lots of packets like this.

09:43:22.517945 eth0 < client.56166 > server.ssh: .
3410978287:3410978287(0) ack 3409179220 win 33728 (DF) [tos 0x10]
09:43:22.517984 eth0 > server.ssh > client.56166: P 1:97(96) ack 0 win
10720 (DF)
09:43:22.518199 eth0 < client.56166 > server.ssh: . 0:0(0) ack 97 win

(DF) [tos 0x10]
09:43:22.518242 eth0 > server.ssh > client.56166: P 97:201(104) ack 0 win
10720 (DF)
09:43:22.518445 eth0 < client.56166 > server.ssh: . 0:0(0) ack 201 win
33728 (DF) [tos 0x10]
09:43:22.519078 eth0 > server.ssh > client.56166: P 201:401(200) ack 0 win
10720 (DF)
09:43:22.519328 eth0 < server.56166 > client.ssh: . 0:0(0) ack 401 win
33728 (DF) [tos 0x10]
09:43:22.519377 eth0 > server.ssh > client.56166: P 401:561(160) ack 0 win
10720 (DF)
09:43:22.519602 eth0 < client.56166 > server.ssh: . 0:0(0) ack 561 win
33728 (DF) [tos 0x10]
09:43:22.519636 eth0 > server.ssh > client.56166: P 561:729(168) ack 0 win
10720 (DF)


 * client is my pc name.

 Surely, I didn't do anything except ssh login and  just tcpdump.

 Is this a keepalive message or not?

 Please let me know the meaning about this message.

 Thanks in advance.


_________________________________________________________________
확인하자 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드
http://www.msn.co.kr/fortune/default.asp

Current thread:

keepalive message or not? SB CH (Oct 17)
- Re: keepalive message or not? Brad Arlt (Oct 18)
- Re: keepalive message or not? Stephane Nasdrovisky (Oct 18)
- <Possible follow-ups>
- Re: keepalive message or not? Dickon Newman (Oct 22)
- Re: keepalive message or not? Jaco van der Schyff (Oct 22)