Date: Thu, 25 Oct 2001 17:05:31 +0200 From: Barry Irwin <bvi@itouchlabs.com> To: Colin Legendre <sudz@ns3g.com> Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: Openssh Message-ID: <20011025170531.K30100@itouchlabs.com> In-Reply-To: <EGEAJNBPMIDPDNBOENHFOEIJCLAA.sudz@ns3g.com>; from sudz@ns3g.com on Thu, Oct 25, 2001 at 10:16:17AM -0400 References: <3BD81802.2010209@emaxx.nl> <EGEAJNBPMIDPDNBOENHFOEIJCLAA.sudz@ns3g.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2001-10-25 (10:16), Colin Legendre wrote:
> Explain to me then why doing this with ssh1 it is only 2-3k of traffic but
> with ssh2 it is 25-75K of traffic. Explain as well that doing this under
> FreeBSD 4.3 Stable only creates 2-3K of traffic, using ssh1 or ssh2?
setup as follows:
[client] ---{NET}---- [SERVER]
You log into the server and run trafshow/tcpdump on the server's
(external??) interface
For every packet that is captured and displayed, another is generated to
convey the information to your client. This of course generates another
packet ad nauseum, untill you can pretty much saturate your link. Using the
compression option (-C) to ssh can help with his a bit, but a better option
is to use pcap logic in a filter expression (man tcpdump) to exlude your
clients ssh traffic to the server from the capture. So try something like
tcpdump -i fxp0 not host client and \(host srver and port 22 \)
trafshow takes the same logic. Have a good read of the tcpdump man page
which explains this syntax in greater detail. Good use of filter
expressions can make yout life a hell of a lot easier when debugging.
Barry
--
Barry Irwin
Systems Administrator (Networks and Security)
Itouch Labs bvi @ itouchlabs.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011025170531.K30100>