
Packet Analysis – PC1 to PC2

This is a very simple packet analysis to show what happens when we connect (ssh in this case) from PC1 to the IP address of PC2.

[edit] I might come back to this and edit it when I have more time. I hope to show more about what ssh is doing with key-exchanging and a more detailed explanation of the information within the whole trace. This was more of an exercise on posting the information.



Firstly, PC1 needs to know how to reach PC2 at layer 2 (a switched network), so it sends an ARP broadcast. On hearing the broadcast, PC2 responds to the ARP request, as the owner of the IP address, with its MAC address. These appear in the picture below as packets 1 & 2.

Now that PC1 knows the MAC address, it can start to connect to the SSH daemon running on PC2. As SSH runs over TCP, the connection starts with the three-way handshake. Packet 4 shows the [SYN] synchronise bit set in the TCP header, packet 5 shows the [ACK] acknowledgement to the [SYN] in packet 4 together with a [SYN] of its own, and packet 6 is the [ACK] to the [SYN] in packet 5.

From this point on the two PCs are connected. When it's time to finish the connection, PC1 sets the [FIN] finish bit in the TCP header; PC2 responds with an [ACK] and also sends a [FIN] (packets 63 & 64).
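The sequence described above can be reproduced without the capture. The following is an added example, not part of the original post: it builds constructed Ethernet frames (the MAC addresses, the 192.0.2.x addresses and source port 50000 are assumptions) and decodes the ARP opcode and TCP flag bits the way the trace is read.

```python
import struct

# Constructed sample addresses (not taken from the original capture).
PC1_MAC, PC2_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PC1_IP, PC2_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
FLAGS = [(0x02, "SYN"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def arp_frame(op, src_mac, src_ip, dst_mac, dst_ip):
    """Build an Ethernet+ARP frame; op 1 = request (broadcast), 2 = reply."""
    eth_dst = b"\xff" * 6 if op == 1 else dst_mac
    target_mac = b"\x00" * 6 if op == 1 else dst_mac  # unknown in a request
    head = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return eth_dst + src_mac + head + src_mac + src_ip + target_mac + dst_ip

def tcp_frame(src_mac, src_ip, dst_mac, dst_ip, sport, dport, flags):
    """Build an Ethernet+IPv4+TCP frame with no payload (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 40, 0, 0, 64, 6, 0) + src_ip + dst_ip
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + tcp

def describe(frame):
    """Return a one-line summary of an ARP or TCP-over-IPv4 Ethernet frame."""
    if len(frame) < 14:
        return "truncated frame"
    ethertype, body = struct.unpack("!H", frame[12:14])[0], frame[14:]
    ip_str = lambda b: ".".join(map(str, b))
    if ethertype == 0x0806 and len(body) >= 28:
        op = struct.unpack("!H", body[6:8])[0]
        if op == 1:
            return f"ARP who-has {ip_str(body[24:28])} tell {ip_str(body[14:18])}"
        if op == 2:
            return f"ARP {ip_str(body[14:18])} is-at {body[8:14].hex(':')}"
        return f"ARP opcode {op}"
    if ethertype == 0x0800 and len(body) >= 20 and body[9] == 6:
        tcp = body[(body[0] & 0x0F) * 4:]  # skip the IP header (IHL is in 32-bit words)
        if len(tcp) < 20:
            return "truncated TCP segment"
        sport, dport = struct.unpack("!HH", tcp[:4])
        names = [name for bit, name in FLAGS if tcp[13] & bit]  # flags byte is at offset 13
        return f"TCP {sport}->{dport} [{', '.join(names)}]"
    return f"unhandled ethertype 0x{ethertype:04x}"

def sample_trace():
    """Constructed frames: ARP pair, three-way handshake, then the FIN exchange."""
    a, b = (PC1_MAC, PC1_IP), (PC2_MAC, PC2_IP)
    return [arp_frame(1, *a, *b), arp_frame(2, *b, *a),
            tcp_frame(*a, *b, 50000, 22, 0x02), tcp_frame(*b, *a, 22, 50000, 0x12),
            tcp_frame(*a, *b, 50000, 22, 0x10), tcp_frame(*a, *b, 50000, 22, 0x11),
            tcp_frame(*b, *a, 22, 50000, 0x11)]

if __name__ == "__main__":
    print("\n".join(describe(f) for f in sample_trace()))
```

In the constructed trace the FIN segments also carry ACK, which is how an analyser displays the closing segments of an established connection.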
