Keepalives do not contains data (2801:2841(40) means your tcp contains 40 bytes). It seems you are not receiving the acknowledge from the server, which is why the client sent the same 40 bytes forever
It could be an ACL in the path blocking non syn packets. SB CH wrote: > I remote connected my server using ssh and executed like this. > > # tcpdump tcp > > and I can see so lots of packets like this. > > 12:24:08.901473 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901481 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901483 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901492 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > 12:24:08.901498 eth0 < client.com.2157 > www.server.com.ssh: P > 2801:2841(40) ack 13496 win 16736 (DF) > > * client.com is my pc name. > > Surely, I didn't do anything except ssh login and just tcpdump. > > Is this a keepalive message or not? > > Please let me know the meaning about this message. > > Thanks in advance. > > _________________________________________________________________ > Áõ±Ç Á¤º¸ °¡Àå ºü¸£°í ÆíÇÏ°Ô º¸½Ç ¼ö ÀÖ½À´Ï´Ù. MSN Áõ±Ç/ÅõÀÚ > http://www.msn.co.kr/stock/
