Date: Thu, 25 Oct 2001 12:11:49 -0700 From: Daniel Brown <djb@unixan.com> To: <sudz@ns3g.com> Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: Openssh Message-ID: <20011025121149.7918999f.djb@unixan.com> In-Reply-To: <EGEAJNBPMIDPDNBOENHFMEJECLAA.sudz@ns3g.com> References: <20011025170531.K30100@itouchlabs.com> <EGEAJNBPMIDPDNBOENHFMEJECLAA.sudz@ns3g.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You are probably observing differences in buffer handling in each case.
As it has been already pointed out, this is a case of using tcpdump to
dump its own output, and even slight changes in protocol behaviour, data
blocking, packet fragmentation, phase of the moon, etc. will greatly
affect your results.
Put simply, this is a case of trying to hold unscientifically produced
results to light, when you should simply toss them in the trash and use
a better testing method.
-Daniel
------------ Quoted Message ------------
Date...: Thu, 25 Oct 2001 13:19:35 -0400
From...: "Colin Legendre" <sudz@ns3g.com>
To.....: <freebsd-stable@FreeBSD.ORG>, <freebsd-questions@FreeBSD.ORG>
CC.....:
Subject: RE: Openssh
Once again though, if it was a little bit of trafic I could see it but this
much nope.
AND why would it be different on a 4.3 box from a 4.4 box? and why different
when using ssh1 vs ssh2?
Colin Legendre CCNA, MCP
sudz@ns3g.com
http://www.ns3g.com
-----Original Message-----
From: Barry Irwin [mailto:bvi@devco.net]On Behalf Of Barry Irwin
Sent: Thursday, October 25, 2001 11:06 AM
To: Colin Legendre
Cc: freebsd-stable@FreeBSD.ORG; freebsd-questions@FreeBSD.ORG
Subject: Re: Openssh
On Thu 2001-10-25 (10:16), Colin Legendre wrote:
> Explain to me then why doing this with ssh1 it is only 2-3k of traffic but
> with ssh2 it is 25-75K of traffic. Explain as well that doing this under
> FreeBSD 4.3 Stable only creates 2-3K of traffic, using ssh1 or ssh2?
setup as follows:
[client] ---{NET}---- [SERVER]
You log into the server and run trafshow/tcpdump on the server's
(external??) interface
For every packet that is captured and displayed, another is generated to
convey the information to your client. This of course generates another
packet ad nauseum, untill you can pretty much saturate your link. Using the
compression option (-C) to ssh can help with his a bit, but a better option
is to use pcap logic in a filter expression (man tcpdump) to exlude your
clients ssh traffic to the server from the capture. So try something like
tcpdump -i fxp0 not host client and \(host srver and port 22 \)
trafshow takes the same logic. Have a good read of the tcpdump man page
which explains this syntax in greater detail. Good use of filter
expressions can make yout life a hell of a lot easier when debugging.
Barry
--
Barry Irwin
Systems Administrator (Networks and Security)
Itouch Labs bvi @ itouchlabs.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011025121149.7918999f.djb>