> -----Original Message----- > From: > [email protected] > > [mailto:[email protected] > illa.org] On Behalf Of Xu, Qiang (FXSGSC) > Sent: Thursday, April 09, 2009 10:29 AM > To: Rich Megginson; Markus Moeller > Cc: [email protected] > Subject: RE: SASL authentication > > Still, I have seen some strange packets in MozLDAP traffic: > ======================================== > 32 17.839052 13.198.98.107 13.198.98.35 LDAP > bindRequest(1) "<ROOT>" sasl > 33 17.917608 13.198.98.35 13.198.98.107 LDAP > bindResponse(1) saslBindInProgress > 35 17.919333 13.198.98.107 13.198.98.35 LDAP > bindRequest(2) "<ROOT>" [Malformed Packet] > 36 17.919637 13.198.98.35 13.198.98.107 LDAP > bindResponse(2) saslBindInProgress > 37 17.920316 13.198.98.107 13.198.98.35 LDAP > bindRequest(3) "<ROOT>" sasl > 38 17.920691 13.198.98.35 13.198.98.107 LDAP > bindResponse(3) success > ======================================== > I am not sure if packet 35 is normal or not? After all, it > says the packet is malformed. > > In contrast, a trace captured with OpenLDAP ldapsearch > utility does not have this malformat packet: > ======================================== > 22 24.805633 13.198.98.35 13.198.98.190 LDAP > bindResponse(1) saslBindInProgress > 28 26.616093 13.198.98.190 13.198.98.35 LDAP > bindRequest(2) "<ROOT>" sasl > 29 26.616459 13.198.98.35 13.198.98.190 LDAP > bindResponse(2) saslBindInProgress > 31 26.616705 13.198.98.190 13.198.98.35 LDAP > bindRequest(3) "<ROOT>" sasl > 32 26.633134 13.198.98.35 13.198.98.190 LDAP > bindResponse(3) success > ======================================== > Packet 28 is normal, compared to Packet 35 in the last trace. > > Will this Malformed Packet bring any side effect? Have you > guys ever see this kind of packet in your own MozLDAP network trace?
Just to let you know that this Malformed Packet is observed with WireShark 1.0.6, while the trace was captured with Ethereal 0.99.0. And through examination of both MozLDAP trace and OpenLDAP trace, packet 35 in MozLDAP trace is no different from packet 28 in OpenLDAP trace. Among the three binding requests in both traces, the first and the third ones are with Kerberos blob information, while the second (packet 35 in MozLDAP trace and Packet 28 in OpenLDAP trace) ones only indicate sasl mechanism in use is GSSAPI. But I still don't know why they look different in WireShark. Any suggestions? Thanks, Xu Qiang _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
