also sprach Bernardo Dal Seno <[EMAIL PROTECTED]> [2008.04.11.0035 +0200]: > > In the tcpdump output, I see a lot of duplicate packets, but > > otherwise can't figure out what's going on. > > I can see only one duplicate packet: > > > 14.908203 192.168.254.246 -> 213.203.238.82 SSHv2 [TCP Retransmission] > > Client: Diffie-Hellman GEX Init
There'll be more if I just keep waiting. > Have you filtered the tcpdump (Wireshark?) output? Nope. > > 22.576404 192.168.254.246 -> 213.203.238.82 SSH Encrypted > > request packet len=560 > > And this is an encrypted packet, so the Diffie-Hellman exchange > should be completed. Okay, so let's assume the DH exchange completes fine, why is the session then not established? > > 23.876222 213.203.238.82 -> 192.168.254.246 TCP [TCP ACKed lost segment] > > 22 > 59447 [ACK] Seq=1 Ack=586 Win=54 Len=0 TSV=747577555 TSER=4288622 > > This packet is very strange. It's an ACK for a previous connection, > with sequence number 1, i.e., the server has not sent any byte, while > acknowledges 585 bytes sent from the client. This is strange because > even if you tenet to an Ssh server you get a response containing the > version of the server. Do you remember if you have done something in > particular to get that? Nope. Well, I flew into Barcelona and tried to connect to the KubiWireless network here. > > Does anyone have any clue what's going on here? Is > > SSH2_MSG_KEX_DH_GEX_INIT so complex that it manages to screw over > > crap networks? > > I don't understand what's happening, but maybe some packet has > been filtered from the dump. Do you have a firewall? Does it > reject any packet? Well, a packet filter runs on 213.203.238.82, but it allows SSH traffic and RELATED,ESTABLISHED. Thanks for your time, -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems "one should never do anything that one cannot talk about after dinner." -- oscar wilde
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
