Hi there,
I am basically trying to check if there is a vncviewer connecting to a vncserver through SSH.
I was playing around with netstat for a bit and found a very interesting behaviour when vncviewer is connecting to a vncserver through an SSH tunnel.
Basically I set up port forwarding: ssh -L 10001:localhost:5900 <remote-host>
Then, with the command: netstat -t | grep <remote-host>, I realise:
1.) When RECV-Q is = 0, it means there is no user activity -> When RECV-Q == 0 it means that there is no activity within SSH
2.) When RECV-Q is > 0, it means there is user activity
3.) When SEND-Q is = 0 or > 1504, it means SSH connection is active and host is alive.
4.) When SEND-Q is = 1504, it means SSH connection is active, but host is dead.
Do you think this result will hold? I am just doing this through general testing of behaviour. Do you think this approach would be better than using Wireshark? I am trying to refrain from using external packages and instead rely on built-in tools.
Thanks
aaron
http://aarontwc.blogspot.com
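
An added example, not part of the original post: a shell function that reads `netstat -tn` output and reports the SSH connection's Recv-Q/Send-Q together with the number of clients attached to the forwarded local port 10001 from the `ssh -L` command above. The function name, the sample addresses and the assumption that SSH runs on port 22 are illustrative; the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -tn` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:51514        198.51.100.7:22         ESTABLISHED
tcp        0      0 127.0.0.1:10001         127.0.0.1:40312         ESTABLISHED
tcp        0      0 127.0.0.1:40312         127.0.0.1:10001         ESTABLISHED
tcp        0      0 192.0.2.10:51600        203.0.113.5:443         TIME_WAIT
EOF
}

# tunnel_status REMOTE_IP FORWARD_PORT   (hypothetical helper)
# Reads `netstat -tn` output on stdin and prints one summary line.
# For an established socket, Recv-Q is bytes not yet read by the local
# program and Send-Q is bytes not yet acknowledged by the remote host.
tunnel_status() {
  awk -v host="$1" -v port="$2" '
    $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
      # SSH transport connection to the remote host (port 22 assumed)
      if ($5 == (host ":22")) { ssh = 1; rq = $2; sq = $3 }
      # A client (e.g. vncviewer) connected to the forwarded local port:
      # the port is the last colon-separated field of the local address
      n = split($4, a, ":")
      if (a[n] == port) viewers++
    }
    END {
      printf "ssh=%s recvq=%s sendq=%s viewers=%d\n",
             (ssh ? "up" : "down"), (ssh ? rq : "-"), (ssh ? sq : "-"), viewers
    }'
}

# Run against the constructed sample; on a live system use:
#   netstat -tn | tunnel_status <remote-ip> 10001
sample_netstat | tunnel_status 198.51.100.7 10001
```

Counting established sockets on the forwarded port shows whether a viewer is attached to the tunnel without having to interpret the queue counters.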