Learning Python Network Programming

Chapter 5

The preceding script will make an SSH connection to localhost and then
run the ls -l /dev/ command. The output of this script will be similar to
the following screenshot:


Inspecting the SSH packets


It is instructive to look at the network packet exchange between the client
and the server. We can use either the native tcpdump command or the third-party
Wireshark tool to capture network packets. With tcpdump, you can specify the target
network interface (-i lo) and the port number (port 22) as options. In the following
packet capture session, five packet exchanges have been shown during an SSH
client/server communication session:


root@debian6box:~# tcpdump -i lo port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
12:18:19.761292 IP localhost.50768 > localhost.ssh: Flags [S], seq 3958510356, win 32792, options [mss 16396,sackOK,TS val 57162360 ecr 0,nop,wscale 6], length 0
12:18:19.761335 IP localhost.ssh > localhost.50768: Flags [S.], seq 1834733028, ack 3958510357, win 32768, options [mss 16396,sackOK,TS val 57162360 ecr 57162360,nop,wscale 6], length 0
12:18:19.761376 IP localhost.50768 > localhost.ssh: Flags [.], ack 1, win 513, options [nop,nop,TS val 57162360 ecr 57162360], length 0
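
As an added example (not code from the book), the following Python sketch parses the tcpdump text output shown above and confirms that the three packets form a complete TCP three-way handshake on the SSH port. The function names and the regular expression are assumptions written for this illustration; the sample lines are copied from the capture above.

```python
import re

# The three packets from the capture above, one packet per line.
CAPTURE = """\
12:18:19.761292 IP localhost.50768 > localhost.ssh: Flags [S], seq 3958510356, win 32792, options [mss 16396,sackOK,TS val 57162360 ecr 0,nop,wscale 6], length 0
12:18:19.761335 IP localhost.ssh > localhost.50768: Flags [S.], seq 1834733028, ack 3958510357, win 32768, options [mss 16396,sackOK,TS val 57162360 ecr 57162360,nop,wscale 6], length 0
12:18:19.761376 IP localhost.50768 > localhost.ssh: Flags [.], ack 1, win 513, options [nop,nop,TS val 57162360 ecr 57162360], length 0
"""

# Hypothetical pattern for tcpdump's default one-line TCP summary.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?"   # data packets print seq as start:end
    r"(?:, ack (?P<ack>\d+))?"
    r".*length (?P<length>\d+)"
)

def parse_line(line):
    """Turn one tcpdump summary line into a dict, or None if it is not TCP/IP."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    for key in ("seq", "ack", "length"):
        pkt[key] = int(pkt[key]) if pkt[key] is not None else None
    return pkt

def parse_capture(text):
    return [p for p in map(parse_line, text.splitlines()) if p]

def find_handshakes(packets):
    """Return (client, server) endpoint pairs that completed SYN, SYN-ACK, ACK."""
    pending, done = {}, []
    for p in packets:
        fwd, rev = (p["src"], p["dst"]), (p["dst"], p["src"])
        if p["flags"] == "S":                      # client SYN carries its ISN
            pending[fwd] = {"isn": p["seq"], "synack": False}
        elif p["flags"] == "S." and rev in pending:
            # The server's SYN-ACK must acknowledge the client's ISN + 1.
            pending[rev]["synack"] = p["ack"] == pending[rev]["isn"] + 1
        elif p["flags"] == "." and pending.get(fwd, {}).get("synack"):
            # tcpdump prints the final ACK with a relative number (ack 1).
            done.append(fwd)
            del pending[fwd]
    return done

if __name__ == "__main__":
    print(find_handshakes(parse_capture(CAPTURE)))
```

Only after this handshake completes do the SSH version banners and key exchange travel over the connection, which is why the first three packets all report length 0.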
