On Thu, Oct 17, 2002 at 03:28:35AM +0000, SB CH wrote: > 12:24:08.901473 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901481 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901483 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901492 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901498 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > > * client.com is my pc name. > > Surely, I didn't do anything except ssh login and just tcpdump. > > Is this a keepalive message or not? > > Please let me know the meaning about this message.
There can really only be one cause. :) Think for a moment where the output of TCPDump is going.... over the ssh connection. Which causes more network traffic, which causes more output, and so on. Try: tcpdump not port 22 Or write the output to a file. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ [EMAIL PROTECTED] University Of Calgary (_)/(_) I should be biking right now. Computer Science
