You'll see ssh packets because you are connected via ssh. Any data sent to you (all the text for your tcpdump and other messages) will show up in the dump!
Sometimes I like to filter out those packets:

    tcpdump not port 22

That way you won't see all the packets involving your ssh session.

----- Original Message -----
From: "SB CH" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, October 20, 2002 8:46 PM
Subject: keepalive message or not?

> Hello, all.
>
> So sorry, I corrected tcpdump result.
> Please re see my question.
>
> I remote connected my server using ssh and executed like this.
>
> # tcpdump tcp
>
> and I can see so lots of packets like this.
>
> 09:43:22.517945 eth0 < client.56166 > server.ssh: . 3410978287:3410978287(0) ack 3409179220 win 33728 (DF) [tos 0x10]
> 09:43:22.517984 eth0 > server.ssh > client.56166: P 1:97(96) ack 0 win 10720 (DF)
> 09:43:22.518199 eth0 < client.56166 > server.ssh: . 0:0(0) ack 97 win 33728 (DF) [tos 0x10]
> 09:43:22.518242 eth0 > server.ssh > client.56166: P 97:201(104) ack 0 win 10720 (DF)
> 09:43:22.518445 eth0 < client.56166 > server.ssh: . 0:0(0) ack 201 win 33728 (DF) [tos 0x10]
> 09:43:22.519078 eth0 > server.ssh > client.56166: P 201:401(200) ack 0 win 10720 (DF)
> 09:43:22.519328 eth0 < server.56166 > client.ssh: . 0:0(0) ack 401 win 33728 (DF) [tos 0x10]
> 09:43:22.519377 eth0 > server.ssh > client.56166: P 401:561(160) ack 0 win 10720 (DF)
> 09:43:22.519602 eth0 < client.56166 > server.ssh: . 0:0(0) ack 561 win 33728 (DF) [tos 0x10]
> 09:43:22.519636 eth0 > server.ssh > client.56166: P 561:729(168) ack 0 win 10720 (DF)
>
> * client is my pc name.
>
> Surely, I didn't do anything except ssh login and just tcpdump.
>
> Is this a keepalive message or not?
>
> Please let me know the meaning about this message.
>
> Thanks in advance.
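An added example, not part of the original thread: `not port 22` hides every SSH connection on the host, so this sketch goes a step further and excludes only the session you are typing in, leaving other SSH traffic visible. It assumes OpenSSH's SSH_CONNECTION environment variable ("client_ip client_port server_ip server_port"); the function name own_session_filter is hypothetical.

```shell
#!/bin/sh
# Added example: build a tcpdump filter expression that excludes only the
# current SSH session. Falls back to the thread's "not port 22" when
# SSH_CONNECTION is missing or does not look like four clean fields.

own_session_filter() {
    # Optional argument overrides the environment (useful for testing).
    conn=${1-${SSH_CONNECTION-}}

    # Split into fields; word splitting is intended, globbing is not.
    set -f
    set -- $conn
    set +f

    if [ "$#" -ne 4 ]; then
        echo "not port 22"
        return 0
    fi

    # Addresses: only characters valid in IPv4/IPv6 literals, so nothing
    # unexpected ends up inside the filter expression.
    for addr in "$1" "$3"; do
        case $addr in
            ''|*[!0-9A-Fa-f.:]*) echo "not port 22"; return 0 ;;
        esac
    done

    # Ports: digits only.
    for port in "$2" "$4"; do
        case $port in
            ''|*[!0-9]*) echo "not port 22"; return 0 ;;
        esac
    done

    # host/port without src/dst match either direction of the session.
    echo "not (host $1 and host $3 and port $2 and port $4)"
}

# Print the filter for the current session. To use it with the command
# from the thread:
#   tcpdump -n "tcp and $(own_session_filter)"
own_session_filter
```

Quote the expression when passing it to tcpdump, since the parentheses are otherwise interpreted by the shell.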