LinuxQuestions.org


aarontwc 11-14-2008 03:55 PM

Check if there is traffic within SSH
 
I am implementing an SSH connection (using port forwarding) in Perl/C. How does one actually check what is going on inside the SSH tunnel? For example: ssh -L 5902:localhost:10003 <remotehost>

I basically want to check whether there is traffic on this connection.

thanks
Aaron

chakka.lokesh 11-15-2008 01:20 AM

Quote:

Originally Posted by aarontwc (Post 3342169)
I want to basically check whether there is traffic between this connection.

The following procedure may be helpful to you....

Quote:

Step 1: execute your C/Perl code which initiates the SSH connection.

Step 2: check the list of TCP connections with the help of "netstat --tcp". Identify the SSH connection and note its client port number.

Step 3: start Wireshark and capture the packets, applying the filter expression "tcp.srcport == <client port>".


aarontwc 11-17-2008 10:07 PM

Hi there,

I am basically trying to check if there is a vncviewer connecting to a vncserver through SSH.

I was playing around with netstat for a bit and found a very interesting behaviour when vncviewer is connecting to a vncserver through an SSH tunnel.

Basically I set up port forwarding: ssh -L 10001:localhost:5900 <remote-host>
Then, with the command netstat -t | grep <remote-host>, I realise:

1.) When RECV-Q = 0, there is no user activity, i.e. no activity within SSH.
2.) When RECV-Q > 0, there is user activity.
3.) When SEND-Q = 0 or > 1504, the SSH connection is active and the host is alive.
4.) When SEND-Q = 1504, the SSH connection is active, but the host is dead.

Do you think this result will hold? I am just doing this through general testing of behaviour; do you think this approach would be better than using Wireshark? I am trying to refrain from using external packages and instead rely on built-in tools.

Thanks
aaron
http://aarontwc.blogspot.com

chakka.lokesh 11-18-2008 01:54 AM

What is the concept of 1504 here? I didn't get it......!!!

chakka.lokesh 11-18-2008 01:55 AM

Quote:

Originally Posted by aarontwc (Post 3345803)
I am trying to refrain from using external packages and instead rely on built in tools.

Use tcpdump.

aarontwc 11-18-2008 03:09 AM

Hi,

1504 is basically a fixed number of bytes that netstat sends to 'test'.

Anyhow, I am indeed playing with tcpdump right this moment, but it is not really returning me anything.

I tried tcpdump -i eth0 tcp port 5902

Also, actually I was thinking, maybe the best way to do it is really to check the TCP traffic of the program rather than the port.

Is there any program that I can use to track tcp traffic of a process ID?

THANKS!!!!
Aaron

chakka.lokesh 11-26-2008 03:56 AM

Quote:

Originally Posted by aarontwc (Post 3346034)
Is there any program that I can use to track tcp traffic of a process ID?

Use netstat with the -p option; you will get the process ID too.
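The three things the thread touches (finding the SSH client port from the netstat listing, reading its Recv-Q/Send-Q, and building the capture filter for Wireshark or tcpdump) can be wired together in one small script. The following is an added example written for this thread, not code from any poster. It assumes the remote sshd listens on port 22 and that netstat is run with -n so addresses are numeric; the netstat listing it parses is a constructed sample, not output captured from a real host, and the function names are hypothetical. The queue meanings it relies on are the standard TCP ones: Recv-Q is data received but not yet read by the process, Send-Q is data sent but not yet acknowledged by the peer, so a Send-Q that stays at the same non-zero value across samples means the peer has stopped acknowledging, whereas a single sample with Send-Q > 0 may just be data in flight.

```shell
#!/bin/sh
# Added example: locate the ssh -L client socket in `netstat -tnp` output,
# read its queue counters, and derive the step-3 capture filters.
# SAMPLE_NETSTAT is a constructed listing, not captured from a real host.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:45678         127.0.0.1:10001         ESTABLISHED 5100/vncviewer
tcp        0      0 127.0.0.1:10001         127.0.0.1:45678         ESTABLISHED 4321/ssh
tcp      512      0 192.0.2.10:54322        203.0.113.5:22          ESTABLISHED 4321/ssh
tcp        0   1504 192.0.2.10:54323        203.0.113.6:22          ESTABLISHED 4322/ssh'

# ssh_session <remote-ip> <netstat-output>
# Prints "local_port recvq sendq pid program" for the SSH session to the host.
# Matching on the Foreign Address column (assumed sshd port 22) skips the
# loopback sockets that belong to the -L forward itself.
ssh_session() {
    printf '%s\n' "$2" | awk -v host="$1" '
        $1 == "tcp" && $5 == (host ":22") {
            n = split($4, a, ":"); lport = a[n]   # port after the last colon
            split($7, p, "/")                     # PID/Program name column from -p
            print lport, $2, $3, p[1], p[2]
        }'
}

# Just the client port, the value step 2 of the procedure asks for.
ssh_client_port() { ssh_session "$1" "$2" | awk '{print $1}'; }

# classify_sample <recvq> <sendq>: what one netstat snapshot can tell you.
classify_sample() {
    recvq=$1; sendq=$2
    if [ "$recvq" -gt 0 ]; then echo "data-pending"    # bytes waiting to be read by ssh
    elif [ "$sendq" -gt 0 ]; then echo "unacked-data"  # bytes the peer has not ACKed yet
    else echo "idle"; fi
}

# classify_trend <previous-sendq> <current-sendq>: compare two snapshots.
# A Send-Q that neither drains nor changes means the peer is not ACKing.
classify_trend() {
    prev=$1; cur=$2
    if [ "$cur" -eq 0 ]; then echo "acked"
    elif [ "$cur" -eq "$prev" ]; then echo "stalled"
    else echo "in-flight"; fi
}

# Step-3 filters: Wireshark display filter and the tcpdump (BPF) equivalent.
wireshark_filter() { echo "tcp.srcport == $1"; }
tcpdump_filter()   { echo "tcp port $1"; }

# Usage against a live system (needs the ssh -L session to be up):
#   ssh_session 203.0.113.5 "$(netstat -tnp 2>/dev/null)"
#   port=$(ssh_client_port 203.0.113.5 "$(netstat -tnp 2>/dev/null)")
#   tcpdump -i eth0 "$(tcpdump_filter "$port")"
```

Two practical notes: netstat -p only shows the PID/Program name for sockets owned by the invoking user unless run as root, and on systems where net-tools is not installed `ss -tnp` gives the same counters but with a different column layout, so the awk field numbers above would need adjusting.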

