SUNWski

Willard Dawson willard.dawson at sbs.siemens.com
Wed Jul 26 01:13:03 EST 2000


Does snoop read ports from /etc/services?  Is the port in /etc/services
on this box say ssh...23?

On Tue, Jul 25, 2000 at 04:08:22PM +0100, Ricardo Cerqueira wrote:
> On Tue, Jul 25, 2000 at 07:34:46AM -0700, Higdon, David M - CNF wrote:
> > It clearly shows that I have used the ssh command!
> > I am not using telnet. That is why I have such a 
> > concern.
> 
> No, it doesn't. On the contrary...
> 
>      machine A -> hostname.xxx.com TELNET C port=38920 s
>      hostname.xxx.com -> machine A TELNET R port=38920 s
>      machine A -> hostname.xxx.com TELNET C port=38920 
>      machine A -> hostname.xxx.com TELNET C port=38920 s
> 
> This implies a connection between a 23 port (TELNET, not SSH) and a 38920 port (source port for the telnet session)
> 
> > 
> > It only shows this type of output from when I run 
> > the snoop command from a system that has ssh installed.
> > 
> > host1 -> host2    TCP D=22 S=4404 Syn Seq=3951258970 Len=0 Win=16384
> > host2 -> host1    TCP D=4404 S=22 Rst Ack=3951258971 Win=0
> >
> 
> This, on the other hand, is a connection from a 4404 (source) to a 22 (SSH). And this is my example, which is different from your output.
> 
> RC
> 
> P.S. - Don't CC me, I'm on the list.
> 
> -- 
> +-------------------
> | Ricardo Cerqueira  
> | PGP Key fingerprint  -  B7 05 13 CE 48 0A BF 1E  87 21 83 DB 28 DE 03 42 
> | Novis  -  Engenharia ISP / Rede Técnica 
> | Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
> | Tel: +351 21 3166700 (24h/dia) - Fax: +351 21 3166701

-- 
Willard Francis Otto Dawson      +1 770 814 5099 / +1 770 814 5202 FAX
Siemens Business Services, ENS   mailto:willard.dawson at sbs.siemens.com
4570 River Green Pkwy, Ste 140   http://www.sbs.siemens.com/
Duluth, GA  30096-2564           Standard disclaimer applies.
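
Added example, not part of the original thread: one way to check the question raised above, i.e. whether a host's services database maps `ssh` to port 23. It assumes the standard `/etc/services` line format; whether snoop itself consults that file is not established in the thread, and the `EXPECTED` table and sample inputs are constructed.

```python
import re

# Expected assignments for the two services discussed in the thread (assumed table).
EXPECTED = {("ssh", "tcp"): 22, ("telnet", "tcp"): 23}

def parse_services(text):
    """Parse /etc/services-format text into [(name, port, proto, aliases)]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        m = re.fullmatch(r"(\d+)/(\w+)", fields[1]) if len(fields) > 1 else None
        if not m:
            continue                           # malformed line, skip it
        entries.append((fields[0], int(m.group(1)), m.group(2).lower(), fields[2:]))
    return entries

def audit(text, expected=EXPECTED):
    """Return findings where a known service name or port is mislabelled."""
    findings = []
    for name, port, proto, aliases in parse_services(text):
        names = [name, *aliases]
        # A known name bound to the wrong port.
        for n in names:
            want = expected.get((n, proto))
            if want is not None and want != port:
                findings.append(f"{n}/{proto} mapped to {port}, expected {want}")
        # A known port carrying someone else's name.
        for (ename, eproto), eport in expected.items():
            if (port, proto) == (eport, eproto) and ename not in names:
                findings.append(f"port {port}/{proto} labelled {name}, expected {ename}")
    return findings

# Constructed sample: the misconfiguration asked about (ssh listed on port 23).
SAMPLE_BAD = """\
# constructed example, not from a real host
ftp      21/tcp
ssh      23/tcp     # wrong: 23 is telnet
smtp     25/tcp  mail
"""
SAMPLE_GOOD = "ssh 22/tcp\ntelnet 23/tcp\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print(finding)
```

On a real host, pass the contents of `/etc/services` to `audit()` instead of the constructed samples.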





More information about the openssh-unix-dev mailing list