Еще одна напасть свалилась, еще вчера работало.
Реальные белые, фиксированные, IP адреса заменены на 1.1.1.1 и 2.2.2.2, SSH порт заменен на 4422.
Снято в параллельной сессии.
Код:
tcpdump -ni em1 -vv host 2.2.2.2
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:57:38.991519 IP (tos 0x0, ttl 64, id 10559, offset 0, flags [none], proto TCP (6), length 60)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0xfcbb (correct), seq 4276022697, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1110437417 ecr 0], length 0
11:57:41.991087 IP (tos 0x0, ttl 64, id 14240, offset 0, flags [none], proto TCP (6), length 60)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0xf103 (correct), seq 4276022697, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1110440417 ecr 0], length 0
11:57:45.191085 IP (tos 0x0, ttl 64, id 62806, offset 0, flags [none], proto TCP (6), length 60)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0xe483 (correct), seq 4276022697, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1110443617 ecr 0], length 0
11:57:48.391089 IP (tos 0x0, ttl 64, id 50634, offset 0, flags [none], proto TCP (6), length 44)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0x7d3a (correct), seq 4276022697, win 65535, options [mss 1460], length 0
11:57:51.591086 IP (tos 0x0, ttl 64, id 18031, offset 0, flags [none], proto TCP (6), length 44)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0x7d3a (correct), seq 4276022697, win 65535, options [mss 1460], length 0
11:57:54.791085 IP (tos 0x0, ttl 64, id 54356, offset 0, flags [none], proto TCP (6), length 44)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0x7d3a (correct), seq 4276022697, win 65535, options [mss 1460], length 0
11:58:00.991088 IP (tos 0x0, ttl 64, id 32390, offset 0, flags [none], proto TCP (6), length 44)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0x7d3a (correct), seq 4276022697, win 65535, options [mss 1460], length 0
11:58:13.191083 IP (tos 0x0, ttl 64, id 2535, offset 0, flags [none], proto TCP (6), length 44)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0x7d3a (correct), seq 4276022697, win 65535, options [mss 1460], length 0
11:58:37.391086 IP (tos 0x0, ttl 64, id 56536, offset 0, flags [none], proto TCP (6), length 44)
1.1.1.1.43807 > 2.2.2.2.4422: Flags [S], cksum 0x7d3a (correct), seq 4276022697, win 65535, options [mss 1460], length 0
^C
9 packets captured
6485 packets received by filter
0 packets dropped by kernel
Как видим прохождение пакетов ssh по "protocol 2" тоже режется, length 0.