k0smik0

beactive_malfunzionante_-_tcpdump_ssh

Jul 11th, 2014
connection attempt:
----
[k0smik0@cavallo-pazzo ~]$ ssh -v ecs
OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/k0smik0/.ssh/config
debug1: /home/k0smik0/.ssh/config line 88: Applying options for ecs
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to emilia.cs.unibo.it [130.136.4.219] port 22.
debug1: Connection established.
debug1: identity file /home/k0smik0/.ssh/cs/id_rsa type 1
debug1: identity file /home/k0smik0/.ssh/cs/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.5p1 Debian-6
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.3
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 130.136.4.219
----

tcpdump log:
----
[k0smik0@cavallo-pazzo ~]$ sudo tcpdump -i wlan0 "port 22"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:35:45.575431 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [S], seq 557812081, win 29200, options [mss 1460,sackOK,TS val 233390303 ecr 0,nop,wscale 7], length 0
22:35:45.631751 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40017: Flags [S.], seq 560381570, ack 557812082, win 14480, options [mss 1460,sackOK,TS val 1498954623 ecr 233390303,nop,wscale 4], length 0
22:35:45.631883 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], ack 1, win 229, options [nop,nop,TS val 233390359 ecr 1498954623], length 0
22:35:45.633179 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [P.], seq 1:33, ack 1, win 229, options [nop,nop,TS val 233390360 ecr 1498954623], length 32
22:35:45.690606 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40017: Flags [.], ack 33, win 905, options [nop,nop,TS val 1498954638 ecr 233390360], length 0
22:35:45.699452 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40017: Flags [P.], seq 1:42, ack 33, win 905, options [nop,nop,TS val 1498954640 ecr 233390360], length 41
22:35:45.699525 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], ack 42, win 229, options [nop,nop,TS val 233390427 ecr 1498954640], length 0
22:35:45.702241 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1481, ack 42, win 229, options [nop,nop,TS val 233390429 ecr 1498954640], length 1448
22:35:45.702512 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [P.], seq 1481:2001, ack 42, win 229, options [nop,nop,TS val 233390430 ecr 1498954640], length 520
22:35:45.703966 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 42, win 229, options [nop,nop,TS val 233390431 ecr 1498954640], length 1440
22:35:45.703981 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 1473:1481, ack 42, win 229, options [nop,nop,TS val 233390431 ecr 1498954640], length 8
22:35:45.760365 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40017: Flags [P.], seq 42:1002, ack 33, win 905, options [nop,nop,TS val 1498954654 ecr 233390427], length 960
22:35:45.800404 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], ack 1002, win 244, options [nop,nop,TS val 233390528 ecr 1498954654], length 0
22:35:45.809218 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40017: Flags [.], ack 33, win 905, options [nop,nop,TS val 1498954668 ecr 233390427,nop,nop,sack 1 {1473:1481}], length 0
22:35:45.960403 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233390688 ecr 1498954668], length 1440
22:35:46.474395 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233391202 ecr 1498954668], length 1440
22:35:47.500407 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233392228 ecr 1498954668], length 1440
22:35:49.552382 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233394280 ecr 1498954668], length 1440
22:35:53.656400 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233398384 ecr 1498954668], length 1440
22:35:55.261413 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [FP.], seq 2001:2081, ack 1002, win 244, options [nop,nop,TS val 233399989 ecr 1498954668], length 80
22:35:59.462683 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [S], seq 110537273, win 29200, options [mss 1460,sackOK,TS val 233404190 ecr 0,nop,wscale 7], length 0
22:35:59.522175 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [S.], seq 2268581915, ack 110537274, win 14480, options [mss 1460,sackOK,TS val 1498958096 ecr 233404190,nop,wscale 4], length 0
22:35:59.522294 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], ack 1, win 229, options [nop,nop,TS val 233404249 ecr 1498958096], length 0
22:35:59.522712 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [P.], seq 1:33, ack 1, win 229, options [nop,nop,TS val 233404250 ecr 1498958096], length 32
22:35:59.585330 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [.], ack 33, win 905, options [nop,nop,TS val 1498958111 ecr 233404250], length 0
22:35:59.593248 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [P.], seq 1:42, ack 33, win 905, options [nop,nop,TS val 1498958113 ecr 233404250], length 41
22:35:59.593348 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], ack 42, win 229, options [nop,nop,TS val 233404320 ecr 1498958113], length 0
22:35:59.594389 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 42, win 229, options [nop,nop,TS val 233404322 ecr 1498958113], length 1440
22:35:59.596245 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [P.], seq 1473:2001, ack 42, win 229, options [nop,nop,TS val 233404323 ecr 1498958113], length 528
22:35:59.658337 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [P.], seq 42:1002, ack 33, win 905, options [nop,nop,TS val 1498958129 ecr 233404320], length 960
22:35:59.698402 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], ack 1002, win 244, options [nop,nop,TS val 233404426 ecr 1498958129], length 0
22:35:59.713389 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [P.], seq 2001:2081, ack 1002, win 244, options [nop,nop,TS val 233404441 ecr 1498958129], length 80
22:35:59.973409 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233404701 ecr 1498958129], length 1440
22:36:00.492398 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233405220 ecr 1498958129], length 1440
22:36:01.532397 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233406260 ecr 1498958129], length 1440
22:36:01.864410 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233406592 ecr 1498954668], length 1440
22:36:03.608388 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233408336 ecr 1498958129], length 1440
22:36:07.768432 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233412496 ecr 1498958129], length 1440
22:36:16.072411 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233420800 ecr 1498958129], length 1440
22:36:18.312419 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233423040 ecr 1498954668], length 1440
22:36:32.712420 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233437440 ecr 1498958129], length 1440
22:36:51.144424 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233455872 ecr 1498954668], length 1440
22:37:05.992421 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, options [nop,nop,TS val 233470720 ecr 1498958129], length 1440
22:37:45.698448 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40017: Flags [F.], seq 1002, ack 33, win 905, options [nop,nop,TS val 1498984640 ecr 233390427,nop,nop,sack 1 {1473:1481}], length 0
22:37:45.698599 IP 192.168.1.33.40017 > emilia.cs.unibo.it.ssh: Flags [.], ack 1003, win 244, options [nop,nop,TS val 233510426 ecr 1498984640], length 0
22:37:59.591395 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [F.], seq 1002, ack 33, win 905, options [nop,nop,TS val 1498988113 ecr 233404320], length 0
22:37:59.592225 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [F.], seq 2081, ack 1003, win 244, options [nop,nop,TS val 233524319 ecr 1498988113], length 0
22:37:59.652147 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [R], seq 2268582918, win 0, length 0
48 packets captured
48 packets received by filter
0 packets dropped by kernel
----

Note how from timestamp 22:35:59.522175 the packets start to have a length of 0, and how, when the remote server sends a FIN after 40 seconds of inactivity (22:37:45.698448), nothing is received that is consistent with the request (that is, a FIN+ACK), while my host keeps sending zero-length ACKs, evidently still trying to establish the connection.
Note how it is the remote server that sends the FIN flag, since there is no
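
Added example, not part of the original paste: a small Python parser for tcpdump's default text output that lists data segments sent more than once whose bytes the peer never acknowledged, the pattern visible for `seq 33:1473` in the capture above. The sample lines are abridged from that capture (TCP options removed); the function name and report fields are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample abridged from the capture above (TCP options removed), port 40030 only.
SAMPLE = """\
22:35:59.522712 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [P.], seq 1:33, ack 1, win 229, length 32
22:35:59.593248 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [P.], seq 1:42, ack 33, win 905, length 41
22:35:59.594389 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 42, win 229, length 1440
22:35:59.596245 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [P.], seq 1473:2001, ack 42, win 229, length 528
22:35:59.658337 IP emilia.cs.unibo.it.ssh > 192.168.1.33.40030: Flags [P.], seq 42:1002, ack 33, win 905, length 960
22:35:59.973409 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, length 1440
22:36:00.492398 IP 192.168.1.33.40030 > emilia.cs.unibo.it.ssh: Flags [.], seq 33:1473, ack 1002, win 244, length 1440
"""

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([^\]]*)\],(.*) length (\d+)$")

def stalled_segments(text):
    """Return segments sent more than once that the peer's ACKs never covered."""
    sent = defaultdict(int)    # (src, dst, start, end) -> number of transmissions
    acked = defaultdict(int)   # (src, dst) -> highest ack returned by dst
    for line in text.splitlines():
        m = LINE.match(line.strip())
        # Skip non-packet lines and SYN packets (their numbers are absolute).
        if not m or "S" in m.group(4):
            continue
        _, src, dst, _, rest, length = m.groups()
        seq = re.search(r"seq (\d+):(\d+)", rest)
        ack = re.search(r"\back (\d+)", rest)   # \b keeps "sack 1" from matching
        if seq and int(length) > 0:
            sent[(src, dst, int(seq.group(1)), int(seq.group(2)))] += 1
        if ack:
            # An ack carried src -> dst acknowledges data flowing dst -> src.
            acked[(dst, src)] = max(acked[(dst, src)], int(ack.group(1)))
    report = []
    for (src, dst, start, end), count in sorted(sent.items()):
        if count > 1 and end > acked[(src, dst)]:
            report.append({"flow": f"{src} > {dst}", "seq": (start, end),
                           "bytes": end - start, "transmissions": count,
                           "peer_ack": acked[(src, dst)]})
    return report

if __name__ == "__main__":
    for row in stalled_segments(SAMPLE):
        print(row)
```

Run on the full capture text it reports one row per connection and segment. A large segment that is never acknowledged while small ones on the same connection are (here the 8-byte `1473:1481` is SACKed) is a reason to check the path MTU between the two hosts.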