I have found a solution. I was using the IP from ifconfig which was 10.0.0.4 and i should have used IP via which i connect using SSH.
W dniu czwartek, 25 kwietnia 2019 13:15:01 UTC+2 użytkownik toko123 napisał: > > After > > tcpdump -i ens3 -nn host 192.168.8.69 and port 1514 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes > ^C > 0 packets captured > 0 packets received by filter > 0 packets dropped by kernel > > And output for port number 22. > > tcpdump -i ens3 -nn host 192.168.8.69 and port 22 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes > 11:01:07.432964 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq > 2452502731:2452502859, ack 1239911147, win 933, length 128 > 11:01:07.433030 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq > 128:192, ack 1, win 933, length 64 > 11:01:07.433088 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq > 192:320, ack 1, win 933, length 128 > 11:01:07.433139 IP 10.0.0.4.22 > 192.168.8.69.49766: Flags [P.], seq > 320:384, ack 1, win 933, length 64 > > So my ossec is running on port 22. I suspect that this cause the lack of > connection. However when i type > > lsof -i :1514 > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > ossec-rem 6374 ossecr 4u IPv6 1075394 0t0 UDP *:1514 > > How can i change the used port for port number 22? > > >> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.