Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## THIS IS PART OF A MUCH LARGER THREAD - PLEASE START HERE
- ## http://pastebin.com/KWZBSD4C
- # tcpdump host 10.0.0.22 -n -vvv
- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
- 07:46:06.232899 IP (tos 0x0, ttl 64, id 26956, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.74.47538 > 10.0.0.22.ssh: Flags [S], cksum 0x148e (incorrect -> 0x114a), seq 3304188313, win 14600, options [mss 1460,sackOK,TS val 2654421 ecr 0,nop,wscale 4], length 0
- 07:46:06.233317 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.22.ssh > 10.0.0.74.47538: Flags [S.], cksum 0x7df4 (correct), seq 3241335193, ack 3304188314, win 5792, options [mss 1460,sackOK,TS val 858832 ecr 2654421,nop,wscale 7], length 0
- 07:46:06.233336 IP (tos 0x0, ttl 64, id 26957, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47538 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0xbfcf), seq 1, ack 1, win 913, options [nop,nop,TS val 2654421 ecr 858832], length 0
- 07:46:06.243428 IP (tos 0x0, ttl 64, id 49994, offset 0, flags [DF], proto TCP (6), length 72)
- 10.0.0.22.ssh > 10.0.0.74.47538: Flags [P.], cksum 0x0d67 (correct), seq 1:21, ack 1, win 46, options [nop,nop,TS val 858842 ecr 2654421], length 20
- 07:46:06.243577 IP (tos 0x0, ttl 64, id 26958, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47538 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0xbfaf), seq 1, ack 21, win 913, options [nop,nop,TS val 2654423 ecr 858842], length 0
- 07:46:06.243801 IP (tos 0x0, ttl 64, id 26959, offset 0, flags [DF], proto TCP (6), length 73)
- 10.0.0.74.47538 > 10.0.0.22.ssh: Flags [P.], cksum 0x149b (incorrect -> 0xfee9), seq 1:22, ack 21, win 913, options [nop,nop,TS val 2654423 ecr 858842], length 21
- 07:46:06.244122 IP (tos 0x0, ttl 64, id 49995, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47538: Flags [.], cksum 0xc2fd (correct), seq 21, ack 22, win 46, options [nop,nop,TS val 858842 ecr 2654423], length 0
- 07:46:06.244136 IP (tos 0x0, ttl 64, id 26960, offset 0, flags [DF], proto TCP (6), length 844)
- 10.0.0.74.47538 > 10.0.0.22.ssh: Flags [P.], cksum 0x179e (incorrect -> 0x91b8), seq 22:814, ack 21, win 913, options [nop,nop,TS val 2654424 ecr 858842], length 792
- 07:46:06.244427 IP (tos 0x0, ttl 64, id 49996, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47538: Flags [.], cksum 0xbfd6 (correct), seq 21, ack 814, win 58, options [nop,nop,TS val 858844 ecr 2654424], length 0
- 07:46:06.244602 IP (tos 0x0, ttl 64, id 49997, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47538: Flags [R.], cksum 0xbfd2 (correct), seq 21, ack 814, win 58, options [nop,nop,TS val 858844 ecr 2654424], length 0
- ## begin 1
- # tcpdump host 10.0.0.22 -nS -vvv
- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
- 07:56:10.752481 IP (tos 0x0, ttl 64, id 33520, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.74.47542 > 10.0.0.22.ssh: Flags [S], cksum 0x148e (incorrect -> 0x9de1), seq 2243186143, win 14600, options [mss 1460,sackOK,TS val 2805551 ecr 0,nop,wscale 4], length 0
- 07:56:10.752885 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.22.ssh > 10.0.0.74.47542: Flags [S.], cksum 0x4a66 (correct), seq 3870571211, ack 2243186144, win 5792, options [mss 1460,sackOK,TS val 1463353 ecr 2805551,nop,wscale 7], length 0
- 07:56:10.752904 IP (tos 0x0, ttl 64, id 33521, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47542 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0x8c41), seq 2243186144, ack 3870571212, win 913, options [nop,nop,TS val 2805551 ecr 1463353], length 0
- 07:56:10.766701 IP (tos 0x0, ttl 64, id 28405, offset 0, flags [DF], proto TCP (6), length 72)
- 10.0.0.22.ssh > 10.0.0.74.47542: Flags [P.], cksum 0xd9d4 (correct), seq 3870571212:3870571232, ack 2243186144, win 46, options [nop,nop,TS val 1463367 ecr 2805551], length 20
- 07:56:10.766853 IP (tos 0x0, ttl 64, id 33522, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47542 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0x8c1c), seq 2243186144, ack 3870571232, win 913, options [nop,nop,TS val 2805554 ecr 1463367], length 0
- 07:56:10.767244 IP (tos 0x0, ttl 64, id 33523, offset 0, flags [DF], proto TCP (6), length 73)
- 10.0.0.74.47542 > 10.0.0.22.ssh: Flags [P.], cksum 0x149b (incorrect -> 0xcb56), seq 2243186144:2243186165, ack 3870571232, win 913, options [nop,nop,TS val 2805554 ecr 1463367], length 21
- 07:56:10.767536 IP (tos 0x0, ttl 64, id 28406, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47542: Flags [.], cksum 0x8f69 (correct), seq 3870571232, ack 2243186165, win 46, options [nop,nop,TS val 1463368 ecr 2805554], length 0
- 07:56:10.767802 IP (tos 0x0, ttl 64, id 33524, offset 0, flags [DF], proto TCP (6), length 844)
- 10.0.0.74.47542 > 10.0.0.22.ssh: Flags [P.], cksum 0x179e (incorrect -> 0x261a), seq 2243186165:2243186957, ack 3870571232, win 913, options [nop,nop,TS val 2805554 ecr 1463368], length 792
- 07:56:10.768075 IP (tos 0x0, ttl 64, id 28407, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47542: Flags [F.], cksum 0x8f68 (correct), seq 3870571232, ack 2243186165, win 46, options [nop,nop,TS val 1463368 ecr 2805554], length 0
- 07:56:10.768110 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
- 10.0.0.22.ssh > 10.0.0.74.47542: Flags [R], cksum 0xc01f (correct), seq 3870571232, win 0, length 0
- $ ssh -vvvo PreferredAuthentications=password root@10.0.0.22
- OpenSSH_5.3p1, OpenSSL 1.0.0j-fips 10 May 2012
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: Applying options for *
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to 10.0.0.22 [10.0.0.22] port 22.
- debug1: Connection established.
- debug1: identity file /home/ec2-user/.ssh/identity type -1
- debug1: identity file /home/ec2-user/.ssh/id_rsa type -1
- debug1: identity file /home/ec2-user/.ssh/id_dsa type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
- debug1: match: OpenSSH_4.3 pat OpenSSH_4*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.3
- debug2: fd 3 setting O_NONBLOCK
- debug1: SSH2_MSG_KEXINIT sent
- debug3: Wrote 792 bytes for a total of 813
- Connection closed by UNKNOWN
- ## END 1
- ## Begin 2
- # tcpdump host 10.0.0.22 -nS -vvv
- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
- 08:04:21.462983 IP (tos 0x0, ttl 64, id 57514, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.74.47545 > 10.0.0.22.ssh: Flags [S], cksum 0x148e (incorrect -> 0xf6fd), seq 1282363086, win 14600, options [mss 1460,sackOK,TS val 2928228 ecr 0,nop,wscale 4], length 0
- 08:04:21.463428 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.22.ssh > 10.0.0.74.47545: Flags [S.], cksum 0x1b04 (correct), seq 106309322, ack 1282363087, win 5792, options [mss 1460,sackOK,TS val 1954064 ecr 2928228,nop,wscale 7], length 0
- 08:04:21.463447 IP (tos 0x0, ttl 64, id 57515, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47545 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0x5cdf), seq 1282363087, ack 106309323, win 913, options [nop,nop,TS val 2928228 ecr 1954064], length 0
- 08:04:21.498159 IP (tos 0x0, ttl 64, id 63451, offset 0, flags [DF], proto TCP (6), length 72)
- 10.0.0.22.ssh > 10.0.0.74.47545: Flags [P.], cksum 0xaa5d (correct), seq 106309323:106309343, ack 1282363087, win 46, options [nop,nop,TS val 1954099 ecr 2928228], length 20
- 08:04:21.498313 IP (tos 0x0, ttl 64, id 57516, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47545 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0x5c9f), seq 1282363087, ack 106309343, win 913, options [nop,nop,TS val 2928237 ecr 1954099], length 0
- 08:04:21.498749 IP (tos 0x0, ttl 64, id 57517, offset 0, flags [DF], proto TCP (6), length 73)
- 10.0.0.74.47545 > 10.0.0.22.ssh: Flags [P.], cksum 0x149b (incorrect -> 0x9bd9), seq 1282363087:1282363108, ack 106309343, win 913, options [nop,nop,TS val 2928237 ecr 1954099], length 21
- 08:04:21.499043 IP (tos 0x0, ttl 64, id 63452, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47545: Flags [.], cksum 0x5fec (correct), seq 106309343, ack 1282363108, win 46, options [nop,nop,TS val 1954100 ecr 2928237], length 0
- 08:04:21.499345 IP (tos 0x0, ttl 64, id 57518, offset 0, flags [DF], proto TCP (6), length 844)
- 10.0.0.74.47545 > 10.0.0.22.ssh: Flags [P.], cksum 0x179e (incorrect -> 0xc761), seq 1282363108:1282363900, ack 106309343, win 913, options [nop,nop,TS val 2928237 ecr 1954100], length 792
- 08:04:21.499590 IP (tos 0x0, ttl 64, id 63453, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47545: Flags [F.], cksum 0x5fea (correct), seq 106309343, ack 1282363108, win 46, options [nop,nop,TS val 1954101 ecr 2928237], length 0
- 08:04:21.499639 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
- 10.0.0.22.ssh > 10.0.0.74.47545: Flags [R], cksum 0xb47c (correct), seq 106309343, win 0, length 0
- $ ssh -vvvo PreferredAuthentications=password root@10.0.0.22
- OpenSSH_5.3p1, OpenSSL 1.0.0j-fips 10 May 2012
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: Applying options for *
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to 10.0.0.22 [10.0.0.22] port 22.
- debug1: Connection established.
- debug1: identity file /home/ec2-user/.ssh/identity type -1
- debug1: identity file /home/ec2-user/.ssh/id_rsa type -1
- debug1: identity file /home/ec2-user/.ssh/id_dsa type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
- debug1: match: OpenSSH_4.3 pat OpenSSH_4*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.3
- debug2: fd 3 setting O_NONBLOCK
- debug1: SSH2_MSG_KEXINIT sent
- debug3: Wrote 792 bytes for a total of 813
- Connection closed by UNKNOWN
- ## End2
- ## Begin 3
- # tcpdump host 10.0.0.22 -nS -vvv
- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
- 08:05:51.397592 IP (tos 0x0, ttl 64, id 56430, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.74.47546 > 10.0.0.22.ssh: Flags [S], cksum 0x148e (incorrect -> 0x91e0), seq 3459177046, win 14600, options [mss 1460,sackOK,TS val 2950712 ecr 0,nop,wscale 4], length 0
- 08:05:51.398051 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.22.ssh > 10.0.0.74.47546: Flags [S.], cksum 0x0b71 (correct), seq 188116239, ack 3459177047, win 5792, options [mss 1460,sackOK,TS val 2043999 ecr 2950712,nop,wscale 7], length 0
- 08:05:51.398070 IP (tos 0x0, ttl 64, id 56431, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47546 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0x4d4c), seq 3459177047, ack 188116240, win 913, options [nop,nop,TS val 2950712 ecr 2043999], length 0
- 08:05:51.411995 IP (tos 0x0, ttl 64, id 23887, offset 0, flags [DF], proto TCP (6), length 72)
- 10.0.0.22.ssh > 10.0.0.74.47546: Flags [P.], cksum 0x9adf (correct), seq 188116240:188116260, ack 3459177047, win 46, options [nop,nop,TS val 2044013 ecr 2950712], length 20
- 08:05:51.412146 IP (tos 0x0, ttl 64, id 56432, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47546 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0x4d26), seq 3459177047, ack 188116260, win 913, options [nop,nop,TS val 2950716 ecr 2044013], length 0
- 08:05:51.412535 IP (tos 0x0, ttl 64, id 56433, offset 0, flags [DF], proto TCP (6), length 73)
- 10.0.0.74.47546 > 10.0.0.22.ssh: Flags [P.], cksum 0x149b (incorrect -> 0x8c60), seq 3459177047:3459177068, ack 188116260, win 913, options [nop,nop,TS val 2950716 ecr 2044013], length 21
- 08:05:51.413184 IP (tos 0x0, ttl 64, id 23888, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47546: Flags [.], cksum 0x5073 (correct), seq 188116260, ack 3459177068, win 46, options [nop,nop,TS val 2044014 ecr 2950716], length 0
- 08:05:51.413198 IP (tos 0x0, ttl 64, id 56434, offset 0, flags [DF], proto TCP (6), length 548)
- 10.0.0.74.47546 > 10.0.0.22.ssh: Flags [P.], cksum 0x1676 (incorrect -> 0x2388), seq 3459177068:3459177564, ack 188116260, win 913, options [nop,nop,TS val 2950716 ecr 2044014], length 496
- 08:05:51.413483 IP (tos 0x0, ttl 64, id 23889, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47546: Flags [.], cksum 0x4e7a (correct), seq 188116260, ack 3459177564, win 54, options [nop,nop,TS val 2044015 ecr 2950716], length 0
- 08:05:51.413694 IP (tos 0x0, ttl 64, id 23890, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47546: Flags [R.], cksum 0x4e76 (correct), seq 188116260, ack 3459177564, win 54, options [nop,nop,TS val 2044015 ecr 2950716], length 0
- $ ssh -vvvo PreferredAuthentications=password -c aes256-ctr root@10.0.0.22
- OpenSSH_5.3p1, OpenSSL 1.0.0j-fips 10 May 2012
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: Applying options for *
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to 10.0.0.22 [10.0.0.22] port 22.
- debug1: Connection established.
- debug1: identity file /home/ec2-user/.ssh/identity type -1
- debug1: identity file /home/ec2-user/.ssh/id_rsa type -1
- debug1: identity file /home/ec2-user/.ssh/id_dsa type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
- debug1: match: OpenSSH_4.3 pat OpenSSH_4*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.3
- debug2: fd 3 setting O_NONBLOCK
- debug1: SSH2_MSG_KEXINIT sent
- debug3: Wrote 496 bytes for a total of 517
- Read from socket failed: Connection reset by peer
- ## End 3
- ## Begin 4
- # tcpdump host 10.0.0.22 -nS -vvv
- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
- 08:06:44.676450 IP (tos 0x0, ttl 64, id 15882, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.74.47547 > 10.0.0.22.ssh: Flags [S], cksum 0x148e (incorrect -> 0xc5d1), seq 1010893898, win 14600, options [mss 1460,sackOK,TS val 2964032 ecr 0,nop,wscale 4], length 0
- 08:06:44.676877 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
- 10.0.0.22.ssh > 10.0.0.74.47547: Flags [S.], cksum 0x6e05 (correct), seq 250112666, ack 1010893899, win 5792, options [mss 1460,sackOK,TS val 2097278 ecr 2964032,nop,wscale 7], length 0
- 08:06:44.676894 IP (tos 0x0, ttl 64, id 15883, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47547 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0xafe0), seq 1010893899, ack 250112667, win 913, options [nop,nop,TS val 2964032 ecr 2097278], length 0
- 08:06:44.686672 IP (tos 0x0, ttl 64, id 27365, offset 0, flags [DF], proto TCP (6), length 72)
- 10.0.0.22.ssh > 10.0.0.74.47547: Flags [P.], cksum 0xfd78 (correct), seq 250112667:250112687, ack 1010893899, win 46, options [nop,nop,TS val 2097287 ecr 2964032], length 20
- 08:06:44.686827 IP (tos 0x0, ttl 64, id 15884, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.74.47547 > 10.0.0.22.ssh: Flags [.], cksum 0x1486 (incorrect -> 0xafc1), seq 1010893899, ack 250112687, win 913, options [nop,nop,TS val 2964034 ecr 2097287], length 0
- 08:06:44.687244 IP (tos 0x0, ttl 64, id 15885, offset 0, flags [DF], proto TCP (6), length 73)
- 10.0.0.74.47547 > 10.0.0.22.ssh: Flags [P.], cksum 0x149b (incorrect -> 0xeefb), seq 1010893899:1010893920, ack 250112687, win 913, options [nop,nop,TS val 2964034 ecr 2097287], length 21
- 08:06:44.687533 IP (tos 0x0, ttl 64, id 27366, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47547: Flags [.], cksum 0xb30d (correct), seq 250112687, ack 1010893920, win 46, options [nop,nop,TS val 2097289 ecr 2964034], length 0
- 08:06:44.687804 IP (tos 0x0, ttl 64, id 15886, offset 0, flags [DF], proto TCP (6), length 548)
- 10.0.0.74.47547 > 10.0.0.22.ssh: Flags [P.], cksum 0x1676 (incorrect -> 0xc2a1), seq 1010893920:1010894416, ack 250112687, win 913, options [nop,nop,TS val 2964034 ecr 2097289], length 496
- 08:06:44.688046 IP (tos 0x0, ttl 64, id 27367, offset 0, flags [DF], proto TCP (6), length 52)
- 10.0.0.22.ssh > 10.0.0.74.47547: Flags [F.], cksum 0xb30c (correct), seq 250112687, ack 1010893920, win 46, options [nop,nop,TS val 2097289 ecr 2964034], length 0
- 08:06:44.688106 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
- 10.0.0.22.ssh > 10.0.0.74.47547: Flags [R], cksum 0x6818 (correct), seq 250112687, win 0, length 0
- $ ssh -vvvo PreferredAuthentications=password -c aes256-ctr root@10.0.0.22 -F /dev/null
- OpenSSH_5.3p1, OpenSSL 1.0.0j-fips 10 May 2012
- debug1: Reading configuration data /dev/null
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to 10.0.0.22 [10.0.0.22] port 22.
- debug1: Connection established.
- debug1: identity file /home/ec2-user/.ssh/identity type -1
- debug1: identity file /home/ec2-user/.ssh/id_rsa type -1
- debug1: identity file /home/ec2-user/.ssh/id_dsa type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
- debug1: match: OpenSSH_4.3 pat OpenSSH_4*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.3
- debug2: fd 3 setting O_NONBLOCK
- debug1: SSH2_MSG_KEXINIT sent
- debug3: Wrote 496 bytes for a total of 517
- Connection closed by UNKNOWN
- ## End 4
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement