I hope those who breathe in and out IP packets can help me on this:
I had a sniffer listening on the wire between Box_A and Box_B. I set up FTP port forwarding between the two boxes running OpenSSH:
Box_A$ ssh -L 2100:Box_B:21 user@Box_B
Then in a different xterm window on Box_A I ran FTP client in passive mode to connect to localhost Port#2100.
Here is what I found in summary:
Box A Port#36972 <----------> Box B Port#22
(traffic is encrypted)
Box A Port#36974 <----------> Box B Port#55530
(dir output seen in clear text)
Box A Port#36975 <----------> Box B Port#55532
(content of getting a text file can be seen in clear text)
I had always thought when FTP was port forwarded using OpenSSH the traffic would be encapsulated in the single SSH session. Why I am seeing two extra sessions on the wire between the two boxes?
I had a sniffer listening on the wire between Box_A and Box_B. I set up FTP port forwarding between the two boxes running OpenSSH:
Box_A$ ssh -L 2100:Box_B:21 user@Box_B
Then in a different xterm window on Box_A I ran FTP client in passive mode to connect to localhost Port#2100.
Here is what I found in summary:
Box A Port#36972 <----------> Box B Port#22
(traffic is encrypted)
Box A Port#36974 <----------> Box B Port#55530
(dir output seen in clear text)
Box A Port#36975 <----------> Box B Port#55532
(content of getting a text file can be seen in clear text)
I had always thought when FTP was port forwarded using OpenSSH the traffic would be encapsulated in the single SSH session. Why I am seeing two extra sessions on the wire between the two boxes?