Jason 🍸🫧Mar 1
Feb 28 at 3:50amWeb
Show threadRockWolfFeb 28
@astrid Please enlighten me^^
Show threadFeb 28
@derrockwolf if you tcpdump without filters you get a firehose of packets dumped to the terminal. over ssh it's worse because now that firehose has to go over the series of tubes to your computer and house. very bad!
Show threadRyan Castellucci (they/them) Mar 1
@astrid @derrockwolf I think I have some code to write. This could be solved programmatically.
Show threadalina🐾💖✨🏳️‍⚧️Mar 1

@ryanc @astrid @derrockwolf waaa i got turned into a meme >~>

https://girldick.gay/@alina/116144672281560969

alina🐾💖✨🏳️‍⚧️ (@[email protected])

thinking back to when i was a child and wondering why my ssh session and PC froze when i observed a tcpdump of said connection from the other end of it.

nyastodon
Show threadRockWolfMar 1
@alina @ryanc @astrid 🤭
Show threaddatenwolfMar 1

@astrid @derrockwolf

Well that, and also for every packet that's going through those hoses to your house, a packet telling you about that packet is generated and sent over that hose, too.

Which means that the number of packets per time grows by a 2^n law, i.e. exponentially.

Show threadWilfried KlaebeMar 1

And you might even flood yourself with tcpdumping the ssh connection you are tcpdumping over.

@astrid @derrockwolf

Show threadKroppebMar 1
@wonka @astrid @derrockwolf ran into this issue 2 weeks ago lol. I was too lazy to figure out how to filter it so I switched the ssh connection to wifi so I could still dump the entire Ethernet interface
Show threadWilfried KlaebeMar 2

"not tcp port 22" could already be enough in a lot of cases.

@Kroppeb @astrid @derrockwolf

Show threadMar 2
@wonka @Kroppeb @derrockwolf unfortunately still doesn't solve the problem of getting firehosed if you do this on a host serving prod traffic
Show threadvxoMar 1

@astrid @derrockwolf well if you're extremely lucky and using ssh -C it might work in your favor

I used to have this box once that had a funky Soekris encryption accelerator card in it which, best I could tell, OpenSSH detected and used. Those are no longer beneficial with current CPUs, but dang, that thing noticeably sped up ssh transfers. (I used to scp tons of data to and from the machine.)

Show threadStoneBear Mar 1
@astrid oops... DONE THAT...
Show threadrk: it’s hyphen-minus actuallyMar 1

@astrid

Sure is a lotta SSH traffic.

Show threadFabos (not an OS)Mar 1
@[email protected] hrhr .... nice
Show threadMalcolm HerbertMar 1
@astrid accidentally catting a binary file to a serial console is just as annoying but with added barrage of beeping ...
Show threadStuart Longland (VK4MSL)Mar 1
@astrid Could be worse… imagine WireShark over RDP/VNC/XDMCP…
Show threadMar 2
@stuartl eh, that doesn't cause RDP/VNC/XDMCP to freeze up usually
Show threadStuart Longland (VK4MSL)Mar 2

@astrid It just generates lots and LOTS of traffic.

Probably what kills SSH and Telnet is the sheer number of packets.