SUNWski
Ricardo Cerqueira
rmcc at novis.pt
Wed Jul 26 01:08:22 EST 2000
On Tue, Jul 25, 2000 at 07:34:46AM -0700, Higdon, David M - CNF wrote:
> It clearly shows that I have used the ssh command!
> I am not using telnet. That is why I have such a
> concern.
No, it doesn't. By the contrary...
machine A -> hostname.xxx.com TELNET C port=38920 s
hostname.xxx.com -> machine A TELNET R port=38920 s
machine A -> hostname.xxx.com TELNET C port=38920
machine A -> hostname.xxx.com TELNET C port=38920 s
This implies a connection between a 23 port (TELNET, not SSH) and a 38920 port (source port for the telnet session)
>
> It only shows this type of output from when I run
> the snoop command from a system that has ssh installed.
>
> host1 -> host2 TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
> host2 -> host1 TCP D=4404 S=22 Rst Ack=3951258971 Win=0
>
This, on the other hand, is a connection from a 4404 (source) to a 22 (SSH). And this is my example, which is different from your output.
RC
P.S. - Don't CC me, I'm on the list.
--
+-------------------
| Ricardo Cerqueira
| PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42
| Novis - Engenharia ISP / Rede Técnica
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 3166700 (24h/dia) - Fax: +351 21 3166701
More information about the openssh-unix-dev
mailing list