[Snort-users] tcpdump

Ashley Thomas athomas at ...3539...
Thu Oct 4 20:47:02 EDT 2001


I have an ssh session from machine A -> B (both are on a private
then I run a tcpdump on B.

There is no other traffic on this priv netw other than this ssh traffic.

But the tcpdump output is immensely large. It gives 1000 packets
received in 4-5 secs.

Why is that so? I am not even typing anything on the ssh session.
Is it in any way a cascading effect because I am running a tcpdump on the
remote m/c?

thanks a lot

