[SWLUG] Odd traffic. What is going on here?

Ed Holland edholland at ntlworld.com
Tue May 8 18:06:17 UTC 2007


Hi,

I won't pretend to understand your logs, but from reading other replies I 
understand that you are having problems with brute force ssh logins. I had 
the same problem on a server I run and found a small script called fail2ban ( 
http://www.fail2ban.org/wiki/index.php/Main_Page ) to be the perfect 
solution. It will monitor various services for failed logins and then refuse 
connections from the address after x number of fails for y number of minutes.
I found it dead easy to set up, but Debian provides a package for it so it may 
be more complex in your distro.

Ed Holland

www.hotwire.me.uk

On Tuesday 08 May 2007 15:33, Neil Jones wrote:
> Hi folks,
>
> I'd like some advice from the more expert of you as to what may be going
> on with my desktop machine. I have been having times when there seems to
> be traffic going to and from it when there shouldn't have been.
> The modem is flashing like mad and sometimes there is disk activity.
> This has occurred when I have come back to my computer after being out
> of the room for a while so I cannot be doing it.
>
> I am not sure what is being blocked by the firewall although I am sure
> it is set up right. I am using Mandriva.
>
> Here is a sanitised dump. The XXX things represent my box I think.
> I was typing in a word processor at the time I noticed it. I had browser
> windows on the desktop but was not surfing.
>
>  /usr/sbin/tcpdump -i eth0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 12:34:04.814498 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 4180118674 win 1460
> <nop,nop,timestamp 1857843384 3311051>
> 12:34:04.886987 IP 64-161-36-80.sierranevada.edu.33038 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 4181018908 win 2172
> <nop,nop,timestamp 1857843391 3311051>
> 12:34:04.821786 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: P 1:21(20) ack 0 win 1448
> <nop,nop,timestamp 3311102 1857843384>
> 12:34:04.866862 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  18827+ PTR? 26.215.11.82.in-addr.arpa. (43)
> 12:34:04.876566 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  18827 1/2/1 (160)
> 12:34:04.877508 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  24247+ PTR? 80.36.161.64.in-addr.arpa. (43)
> 12:34:04.885516 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  24247 1/2/0 (129)
> 12:34:04.887697 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  44516+ PTR? 100.4.168.194.in-addr.arpa. (44)
> 12:34:04.895010 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  44516 1/2/1 (127)
> 12:34:04.991028 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 21 win 1460
> <nop,nop,timestamp 1857843584 3311102>
> 12:34:04.991258 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 0:20(20) ack 21 win 1460
> <nop,nop,timestamp 1857843584 3311102>
> 12:34:04.991584 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 20 win 1448
> <nop,nop,timestamp 3311144 1857843584>
> 12:34:04.995949 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: P 21:725(704) ack 20 win 1448
> <nop,nop,timestamp 3311145 1857843584>
> 12:34:05.173434 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 20:172(152) ack 725 win
> 1812 <nop,nop,timestamp 1857843766 3311145>
> 12:34:05.213123 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 172 win 1716
> <nop,nop,timestamp 3311200 1857843766>
> 12:34:05.399740 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 172:316(144) ack 725 win
> 1812 <nop,nop,timestamp 1857843992 3311200>
> 12:34:05.399902 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 316 win 1984
> <nop,nop,timestamp 3311246 1857843992>
> 12:34:05.510683 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: P 725:1445(720) ack 316 win 1984
> <nop,nop,timestamp 3311274 1857843992>
> 12:34:05.690500 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 316:332(16) ack 1445 win
> 2172 <nop,nop,timestamp 1857844283 3311274>
> 12:34:05.690671 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 332 win 1984
> <nop,nop,timestamp 3311319 1857844283>
> 12:34:05.860373 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 332:384(52) ack 1445 win
> 2172 <nop,nop,timestamp 1857844453 3311319>
> 12:34:05.860721 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 384 win 1984
> <nop,nop,timestamp 3311361 1857844453>
> 12:34:05.861052 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: P 1445:1497(52) ack 384 win 1984
> <nop,nop,timestamp 3311361 1857844453>
> 12:34:06.033143 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 384:468(84) ack 1497 win
> 2172 <nop,nop,timestamp 1857844626 3311361>
> 12:34:06.038199 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  63213+ PTR? 80.36.161.64.in-addr.arpa. (43)
> 12:34:06.056841 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  63213 1/2/0 (129)
> 12:34:06.058183 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  46312+ A? 64-161-36-80.sierranevada.edu. (47)
> 12:34:06.065406 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  46312 NXDomain 0/1/0
> (105)
> 12:34:06.071948 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  33173+[|domain]
> 12:34:06.073166 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 468 win 1984
> <nop,nop,timestamp 3311415 1857844626>
> 12:34:06.078514 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  33173 NXDomain[|domain]
> 12:34:06.098257 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: P 1497:1581(84) ack 468 win 1984
> <nop,nop,timestamp 3311421 1857844626>
> 12:34:06.244849 IP 10.217.200.1.bootps > 255.255.255.255.bootpc:
> BOOTP/DHCP, Reply, length: 305
> 12:34:06.245510 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  21720+ PTR? 255.255.255.255.in-addr.arpa. (46)
> 12:34:06.252577 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  21720 NXDomain 0/1/0
> (113)
> 12:34:06.253282 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  58684+ PTR? 1.200.217.10.in-addr.arpa. (43)
> 12:34:06.270135 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 468:520(52) ack 1581 win
> 2172 <nop,nop,timestamp 1857844861 3311421>
> 12:34:06.270315 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: F 520:520(0) ack 1581 win
> 2172 <nop,nop,timestamp 1857844861 3311421>
> 12:34:06.270381 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: . ack 520 win 1984
> <nop,nop,timestamp 3311464 1857844861>
> 12:34:06.270515 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: S 693499177:693499177(0)
> win 5840 <mss 1380,sackOK,timestamp 1857844862 0,nop,wscale 2>
> 12:34:06.270619 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: S 4186181830:4186181830(0) ack
> 693499178 win 5792 <mss 1460,sackOK,timestamp 3311464
> 1857844862,nop,wscale 2>
> 12:34:06.270713 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  58684 NXDomain* 0/1/0
> (103)
> 12:34:06.272785 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33062: F 1581:1581(0) ack 521 win 1984
> <nop,nop,timestamp 3311464 1857844861>
> 12:34:06.446346 IP 64-161-36-80.sierranevada.edu.33062 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 1582 win 2172
> <nop,nop,timestamp 1857845040 3311464>
> 12:34:09.269427 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: S 693499177:693499177(0)
> win 5840 <mss 1380,sackOK,timestamp 1857847862 0,nop,wscale 2>
> 12:34:09.269575 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: S 4186181830:4186181830(0) ack
> 693499178 win 5792 <mss 1460,sackOK,timestamp 3312214
> 1857844862,nop,wscale 2>
> 12:34:09.470892 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 1 win 1460
> <nop,nop,timestamp 1857848064 3312214>
> 12:34:09.760649 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: P 1:21(20) ack 1 win 1448
> <nop,nop,timestamp 3312336 1857848064>
> 12:34:09.931494 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 21 win 1460
> <nop,nop,timestamp 1857848525 3312336>
> 12:34:09.931688 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 1:21(20) ack 21 win 1460
> <nop,nop,timestamp 1857848525 3312336>
> 12:34:09.931913 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: . ack 21 win 1448
> <nop,nop,timestamp 3312379 1857848525>
> 12:34:09.935301 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: P 21:725(704) ack 21 win 1448
> <nop,nop,timestamp 3312380 1857848525>
> 12:34:10.115522 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 21:173(152) ack 725 win
> 1812 <nop,nop,timestamp 1857848707 3312380>
> 12:34:10.153433 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: . ack 173 win 1716
> <nop,nop,timestamp 3312435 1857848707>
> 12:34:10.337194 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 173:317(144) ack 725 win
> 1812 <nop,nop,timestamp 1857848929 3312435>
> 12:34:10.337378 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: . ack 317 win 1984
> <nop,nop,timestamp 3312480 1857848929>
> 12:34:10.422945 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: P 725:1445(720) ack 317 win 1984
> <nop,nop,timestamp 3312502 1857848929>
> 12:34:10.603621 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 317:333(16) ack 1445 win
> 2172 <nop,nop,timestamp 1857849197 3312502>
> 12:34:10.603792 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: . ack 333 win 1984
> <nop,nop,timestamp 3312547 1857849197>
> 12:34:10.775235 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 333:385(52) ack 1445 win
> 2172 <nop,nop,timestamp 1857849368 3312547>
> 12:34:10.775586 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: . ack 385 win 1984
> <nop,nop,timestamp 3312590 1857849368>
> 12:34:10.775918 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: P 1445:1497(52) ack 385 win 1984
> <nop,nop,timestamp 3312590 1857849368>
> 12:34:10.957257 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 385:485(100) ack 1497
> win 2172 <nop,nop,timestamp 1857849550 3312590>
> 12:34:10.962779 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  53291+ PTR? 80.36.161.64.in-addr.arpa. (43)
> 12:34:10.969913 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  53291 1/2/0 (129)
> 12:34:10.973234 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  28094+ A? 64-161-36-80.sierranevada.edu. (47)
> 12:34:10.993508 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: . ack 485 win 1984
> <nop,nop,timestamp 3312645 1857849550>
> 12:34:10.997555 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  28094 NXDomain 0/1/0
> (105)
> 12:34:11.006008 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039 >
> cache1.ntli.net.domain:  22737+[|domain]
> 12:34:11.014452 IP cache1.ntli.net.domain >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.1039:  22737 NXDomain[|domain]
> 12:34:11.050683 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: P 1497:1581(84) ack 485 win 1984
> <nop,nop,timestamp 3312659 1857849550>
> 12:34:11.222286 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 485:537(52) ack 1581 win
> 2172 <nop,nop,timestamp 1857849815 3312659>
> 12:34:11.222473 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: F 537:537(0) ack 1581 win
> 2172 <nop,nop,timestamp 1857849815 3312659>
> 12:34:11.222669 IP 64-161-36-80.sierranevada.edu.33542 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: S 4246055040:4246055040(0)
> win 5840 <mss 1380,sackOK,timestamp 1857849815 0,nop,wscale 2>
> 12:34:11.222793 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: S 4190993577:4190993577(0) ack
> 4246055041 win 5792 <mss 1460,sackOK,timestamp 3312702
> 1857849815,nop,wscale 2>
> 12:34:11.224858 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33083: F 1581:1581(0) ack 538 win 1984
> <nop,nop,timestamp 3312702 1857849815>
> 12:34:11.393202 IP 64-161-36-80.sierranevada.edu.33542 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 1 win 1460
> <nop,nop,timestamp 1857849986 3312702>
> 12:34:11.396756 IP 64-161-36-80.sierranevada.edu.33083 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 1582 win 2172
> <nop,nop,timestamp 1857849989 3312702>
> 12:34:11.483089 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: P 1:21(20) ack 1 win 1448
> <nop,nop,timestamp 3312767 1857849986>
> 12:34:11.664903 IP 64-161-36-80.sierranevada.edu.33542 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: . ack 21 win 1460
> <nop,nop,timestamp 1857850258 3312767>
> 12:34:11.665098 IP 64-161-36-80.sierranevada.edu.33542 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 1:21(20) ack 21 win 1460
> <nop,nop,timestamp 1857850258 3312767>
> 12:34:11.665324 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: . ack 21 win 1448
> <nop,nop,timestamp 3312812 1857850258>
> 12:34:11.668671 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: P 21:725(704) ack 21 win 1448
> <nop,nop,timestamp 3312813 1857850258>
> 12:34:11.846762 IP 64-161-36-80.sierranevada.edu.33542 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 21:173(152) ack 725 win
> 1812 <nop,nop,timestamp 1857850439 3312813>
> 12:34:11.885541 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: . ack 173 win 1716
> <nop,nop,timestamp 3312868 1857850439>
> 12:34:12.056973 IP 64-161-36-80.sierranevada.edu.33542 >
> xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh: P 173:317(144) ack 725 win
> 1812 <nop,nop,timestamp 1857850649 3312868>
> 12:34:12.057132 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: . ack 317 win 1984
> <nop,nop,timestamp 3312910 1857850649>
> 12:34:12.167229 IP xxxx-xxxx-x-x-xxxxxxx.xxxx.xxxxx.xxx.com.ssh >
> 64-161-36-80.sierranevada.edu.33542: P 725:1445(720) ack 317 win 1984
> <nop,nop,timestamp 3312938 1857850649>
>
> 88 packets captured
> 182 packets received by filter
> 0 packets dropped by kernel
> [root at cpc1-neat1-0-0-cust793 Desktop]# /usr/sbin/tcpdump -i eth0
>
> >tempdump2.txt
>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 136 packets captured
> 272 packets received by filter
> 0 packets dropped by kernel
> [root at cpc1-neat1-0-0-cust793 Desktop]#

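The "x fails, then refuse for y minutes" behaviour described in the reply, as an added Python sketch that is not part of the original post and is not fail2ban's own code. The parameter names, the host name and the sample log lines are constructed for illustration; the lines assume the usual OpenSSH "Failed password" syslog format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failure line as written to syslog (syslog timestamps carry no year).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def find_bans(lines, max_fails=3, window_min=10, ban_min=10, year=2007):
    """Return [(ip, ban_start, ban_end)] for every address that reaches
    max_fails failed logins within window_min minutes."""
    window, ban_for = timedelta(minutes=window_min), timedelta(minutes=ban_min)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> time at which the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue              # still banned: a firewall rule would drop this
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_fails:
            banned_until[ip] = ts + ban_for
            bans.append((ip, ts, ts + ban_for))
            q.clear()
    return bans

# Constructed sample: four quick failures from one address, one from another.
SAMPLE = """\
May  8 12:34:05 desktop sshd[2101]: Failed password for root from 203.0.113.7 port 33062 ssh2
May  8 12:34:10 desktop sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 33083 ssh2
May  8 12:34:12 desktop sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 33542 ssh2
May  8 12:34:15 desktop sshd[2110]: Failed password for invalid user guest from 203.0.113.7 port 33601 ssh2
May  8 12:40:00 desktop sshd[2150]: Failed password for alice from 198.51.100.9 port 40112 ssh2
May  8 12:41:00 desktop sshd[2153]: Accepted password for alice from 198.51.100.9 port 40113 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

A single mistyped password from a legitimate user stays under the threshold, which is why the second address in the sample is never banned.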