This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi all, I am trying to log in to the Linux-based device via SSH (port 22) using PuTTY. When trying to log in, the device prompts for the user name, but after entering it, the SSH session terminates. I captured a log using Wireshark while doing this and pasted it below for your reference. Can anyone help me understand what the reason for this kind of behavior would be?

In this image, you can see that the device (IP address 172.27.129.134) is sending FIN, ACK to the client.


asked 20 Feb '17, 01:48


Chandrasheka...

Can you share a capture in a publicly accessible spot, e.g. CloudShark?

(20 Feb '17, 02:10) Jaap ♦
(20 Feb '17, 05:56) Chandrasheka...

The capture does show, as mentioned in your question, the server closing the connection after the second packet of encrypted data from the client.

Unfortunately, this is all that the capture can tell us; Wireshark is unable to decrypt SSH sessions. To determine why the server application closed the connection, you will need to inspect the SSH logs on the server, possibly turning on debug logging to assist.


answered 21 Feb '17, 05:26


grahamb ♦
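What the capture can establish (which side sends the first FIN, and how many payload-carrying segments each side sent before it) can be read out of a capture file directly. The following is an added example, not part of the original posts: it assumes a classic pcap file (not pcapng) with Ethernet/IPv4 framing, and the embedded capture, the client address 192.0.2.10 and the names `first_fin` and `sample_pcap` are constructed for illustration.

```python
import struct

SERVER, CLIENT = (172, 27, 129, 134), (192, 0, 2, 10)  # client address is constructed

def first_fin(pcap: bytes):
    """Return (ip_that_sent_first_FIN, {ip: payload_segments_before_it})."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # classic pcap magic
    off, counts = 24, {}                          # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                              # only Ethernet II + IPv4 + TCP
        ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
        total_len = struct.unpack(">H", frame[16:18])[0]
        src = ".".join(str(b) for b in frame[26:30])
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue                              # truncated TCP header
        payload_len = total_len - ihl - (tcp[12] >> 4) * 4
        if payload_len > 0:
            counts[src] = counts.get(src, 0) + 1
        if tcp[13] & 0x01:                        # FIN bit set
            return src, counts
    return None, counts

def _frame(src, dst, flags, payload=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    sport, dport = (22, 50000) if src == SERVER else (50000, 22)
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: abbreviated SSH session that the server ends with FIN,ACK."""
    frames = [
        _frame(CLIENT, SERVER, 0x02), _frame(SERVER, CLIENT, 0x12), _frame(CLIENT, SERVER, 0x10),
        _frame(SERVER, CLIENT, 0x18, b"SSH-2.0-server\r\n"),
        _frame(CLIENT, SERVER, 0x18, b"SSH-2.0-client\r\n"),
        _frame(CLIENT, SERVER, 0x18, b"\x00" * 52), _frame(CLIENT, SERVER, 0x18, b"\x00" * 52),
        _frame(SERVER, CLIENT, 0x11),             # FIN,ACK from the device
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # Ethernet link type
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__": print(first_fin(sample_pcap()))
```

The result names the closing endpoint only; the reason for the close still has to come from the server's SSH logs.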
