On 2009-09-21, Claudio Jeker <cje...@diehard.n-r-g.com> wrote: > On Mon, Sep 21, 2009 at 09:44:34AM +0200, Janne Johansson wrote: >> Ian Chard wrote: >> > I'm troubleshooting a very strange problem, where my ssh connection to a >> > few different OpenBSD machines drops suddenly, with the client machine >> > receiving a TCP RST from the server. I've taken tcpdump captures on >> > both sides (in different sessions, so the tcpdump process doesn't die >> > with my shell), and the OpenBSD machine's capture doesn't log the RST it >> > apparently sends.
You mentioned a complex network environment - any firewalls (especially stateful ones) involved? >> There are ISPs that "traffic shape" their links by killing long-lasting >> TCP streams by faking the RST in the middle. >> > > pf(4) does this as well, if the state times out (the default timeout for > established sessions is around a day). Many other systems behave > similar (sometimes with much shorter timeouts). Enabling ssh keepalive > helps. > I think those pf(4)-generated RST would show up through bpf, though - at least they do if you "block return", I guess it's the same when tearing down an established session.
