Hi,
Firstly I apologize for my insistence about this topic but it is very
important to me.
I cleared my head a little and I'm exposing my issue again:
There is a client machine integrated in LDAP server (389 DS). In this client
machine I tried to run "getent group", "sudo -l" or "id" and they usually fail. I
have tried to run these commands without ssl and everything is ok. The
problem appears with ssl enabled.
I have captured traffic with wireshark and the file of the relevant packets
is attached here (It is a plain txt with 6 packets, sorry but I'm new with
wireshark and I don't know a better way to pass the code). Well, wireshark
says that the transmission window is full and the client closes the
connection.
Which could be the problem????
Regards,
Moisés.
2011/5/3 Dave Thompson <[email protected]>
> > From: [email protected] On Behalf Of Moisés Barba Pérez
> > Sent: Monday, 02 May, 2011 06:35
>
> > I need to create a cert with SHA1 hash. I have a problem with
> > AES256-SHA because of my version of openssl related in the bug
> > https://bugzilla.redhat.com/show_bug.cgi?id=676384. Normally the cert
> > is created with TinyCA2, and I thought it was created with SHA1
> > not sure. When I exec "openssl ciphers -v" shows 3 ciphers with
> > sha = 256 and I don't know why.
>
> This doesn't follow. That bug is described as involving AES256-SHA
> but apparently is actually only SHA2 (which is a generic name
> for SHA224, SHA256, SHA384, SHA512, and now some variants).
> Maybe a server coincidentally used both a new ciphersuite and
> a new cert(&key) (someone upgrading security could well do both).
> Note the symptom was 0D0C50A1 (ASN1_item_verify unknown digest)
> and connection i.e. handshake did NOT succeed.
> *That* error can be caused by a disabled certificate hash.
>
> > Have you got any suggestion about how to create the cert,
> > or why are listed those 3 Ciphers with sha=256, or how to solve this???
>
> > > openssl ciphers -v
> > DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> > DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
> > AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> (were bold in HTML)
>
> These are SHA1 NOT "sha=256"; read what you posted.
> There are some new TLS1.2 ciphersuites that do
> use mac=SHA256, not yet supported by OpenSSL.
> But the hash used in a ciphersuite for data HMAC has
> no connection at all with the hash used to sign a cert.
>
> OpenSSL can do SHA2 certs (RSA/SHA2 for some time,
> DSA/SHA224,256 only 1.0 I think, ECDSA I'm not sure).
> openssl x509 -in certfile [-inform der] -noout -text
> in Signature Algorithm: indicates the hash for a cert.
>
> But the symptom you posted
> "SSL peer reports incorrect Message Authentication Code"
> is almost certainly NOT a problem with ANY certificate
> -- unless openldap is working very hard to deceive you,
> and I don't believe that for a moment. It does appear to
> give you only partial information about the handshake
> result; it may have been coded back when there were
> fewer options and this information was sufficient.
>
> Does the server log any (better) info at the same time?
> Are there more tracing/logging options you can enable?
>
> I see you tried openssl s_client, but defaulted cipher
> so it allowed AES256-SHA while you say your client is
> set to MEDIUM. Try s_client with -cipher MEDIUM to see
> exactly what is being negotiated by your client(s).
> (Or get a good network trace e.g. wireshark.)
> Try your client with specific suites RC4-SHA and RC4-MD5
> to see if it makes any difference (though it shouldn't).
> If the server allows eNULL (OpenSSL doesn't by default)
> try NULL-SHA and NULL-MD5 to make sure this is really
> MAC error and not something else reported misleadingly.
> (Or again get a good network trace.)
>
> If both ends of any SSL connection are implemented correctly
> and handshake succeeds, you should NOT get data MAC errors
> (or data decrypt), unless something is tampering with
> the socket data or memory -- hopefully accidentally.
> Is the client program only an ldap client or does it do
> other things? Multithread and/or using nonblocking I/O?
> Ditto the server (I'd guess it is at least one of those,
> but I'd expect it to be quite well debugged by now)?
> Do you have other SSL client(s) to the same server?
> Other SSL server(s) for this client?
>
> Are other apps using same OpenSSL on same systems OK?
> You indicate a centos-patched version of 0.9.8e.
> Personally I don't know about centos patches,
> but if that's relevant someone else might.
> Or you could try with build from vanilla source
> (and if so you might get more current also).
>
> Is there any firewalling or proxying going on
> that might alter data (though it shouldn't)?
> Can you get network traces that show the same data
> arriving at the server as leaving your client?
> (This will be very tedious unless you have eNULL.)
>
No. Time Source Destination Protocol Info
268 1.818361 192.168.55.105 192.168.55.101 TCP [TCP
Window Full] ldaps > 39950 [ACK] Seq=251435 Ack=4664 Win=30744 Len=248
TSV=20440326 TSER=715954
Frame 268 (314 bytes on wire, 314 bytes captured)
Arrival Time: May 5, 2011 18:41:13.588150000
[Time delta from previous captured frame: 0.000006000 seconds]
[Time delta from previous displayed frame: 0.000006000 seconds]
[Time since reference or first frame: 1.818361000 seconds]
Frame Number: 268
Frame Length: 314 bytes
Capture Length: 314 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:ldap]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: CadmusCo_19:ab:7a (08:00:27:19:ab:7a), Dst: CadmusCo_47:fc:3e
(08:00:27:47:fc:3e)
Destination: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.105 (192.168.55.105), Dst: 192.168.55.101
(192.168.55.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 300
Identification: 0x9c01 (39937)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xadab [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.105 (192.168.55.105)
Destination: 192.168.55.101 (192.168.55.101)
Transmission Control Protocol, Src Port: ldaps (636), Dst Port: 39950 (39950),
Seq: 251435, Ack: 4664, Len: 248
Source port: ldaps (636)
Destination port: 39950 (39950)
Sequence number: 251435 (relative sequence number)
[Next sequence number: 251683 (relative sequence number)]
Acknowledgement number: 4664 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 30744 (scaled)
Checksum: 0xfdb0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 20440326, TSecr 715954
[SEQ/ACK analysis]
[TCP Analysis Flags]
[The transmission window is now completely full]
No. Time Source Destination Protocol Info
269 1.818809 192.168.55.101 192.168.55.105 TCP 39950
> ldaps [FIN, ACK] Seq=4701 Ack=251683 Win=0 Len=0 TSV=715955 TSER=20440326
Frame 269 (66 bytes on wire, 66 bytes captured)
Arrival Time: May 5, 2011 18:41:13.588598000
[Time delta from previous captured frame: 0.000448000 seconds]
[Time delta from previous displayed frame: 0.000448000 seconds]
[Time since reference or first frame: 1.818809000 seconds]
Frame Number: 269
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: CadmusCo_47:fc:3e (08:00:27:47:fc:3e), Dst: CadmusCo_19:ab:7a
(08:00:27:19:ab:7a)
Destination: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.101 (192.168.55.101), Dst: 192.168.55.105
(192.168.55.105)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x51c9 (20937)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xf8db [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.101 (192.168.55.101)
Destination: 192.168.55.105 (192.168.55.105)
Transmission Control Protocol, Src Port: 39950 (39950), Dst Port: ldaps (636),
Seq: 4701, Ack: 251683, Len: 0
Source port: 39950 (39950)
Destination port: ldaps (636)
Sequence number: 4701 (relative sequence number)
Acknowledgement number: 251683 (relative ack number)
Header length: 32 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 0
Checksum: 0xbf5a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 715955, TSecr 20440326
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 268]
[The RTT to ACK the segment was: 0.000448000 seconds]
No. Time Source Destination Protocol Info
270 1.819390 192.168.55.101 192.168.55.105 TCP 39950
> ldaps [RST, ACK] Seq=4702 Ack=251683 Win=65688 Len=0 TSV=715956 TSER=20440326
Frame 270 (66 bytes on wire, 66 bytes captured)
Arrival Time: May 5, 2011 18:41:13.589179000
[Time delta from previous captured frame: 0.000581000 seconds]
[Time delta from previous displayed frame: 0.000581000 seconds]
[Time since reference or first frame: 1.819390000 seconds]
Frame Number: 270
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: CadmusCo_47:fc:3e (08:00:27:47:fc:3e), Dst: CadmusCo_19:ab:7a
(08:00:27:19:ab:7a)
Destination: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.101 (192.168.55.101), Dst: 192.168.55.105
(192.168.55.105)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x51ca (20938)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xf8da [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.101 (192.168.55.101)
Destination: 192.168.55.105 (192.168.55.105)
Transmission Control Protocol, Src Port: 39950 (39950), Dst Port: ldaps (636),
Seq: 4702, Ack: 251683, Len: 0
Source port: 39950 (39950)
Destination port: ldaps (636)
Sequence number: 4702 (relative sequence number)
Acknowledgement number: 251683 (relative ack number)
Header length: 32 bytes
Flags: 0x14 (RST, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65688 (scaled)
Checksum: 0x9f42 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 715956, TSecr 20440326
No. Time Source Destination Protocol Info
271 1.819965 192.168.55.101 192.168.55.105 TCP 39951
> ldaps [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=715957 TSER=0 WS=3
Frame 271 (74 bytes on wire, 74 bytes captured)
Arrival Time: May 5, 2011 18:41:13.589754000
[Time delta from previous captured frame: 0.000575000 seconds]
[Time delta from previous displayed frame: 0.000575000 seconds]
[Time since reference or first frame: 1.819965000 seconds]
Frame Number: 271
Frame Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: CadmusCo_47:fc:3e (08:00:27:47:fc:3e), Dst: CadmusCo_19:ab:7a
(08:00:27:19:ab:7a)
Destination: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.101 (192.168.55.101), Dst: 192.168.55.105
(192.168.55.105)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x1ace (6862)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x2fcf [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.101 (192.168.55.101)
Destination: 192.168.55.105 (192.168.55.105)
Transmission Control Protocol, Src Port: 39951 (39951), Dst Port: ldaps (636),
Seq: 0, Len: 0
Source port: 39951 (39951)
Destination port: ldaps (636)
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0xb0ca [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1460 bytes
SACK permitted
Timestamps: TSval 715957, TSecr 0
NOP
Window scale: 3 (multiply by 8)
No. Time Source Destination Protocol Info
272 1.820547 192.168.55.105 192.168.55.101 TCP ldaps
> 39951 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=20440330 TSER=715957
WS=3
Frame 272 (74 bytes on wire, 74 bytes captured)
Arrival Time: May 5, 2011 18:41:13.590336000
[Time delta from previous captured frame: 0.000582000 seconds]
[Time delta from previous displayed frame: 0.000582000 seconds]
[Time since reference or first frame: 1.820547000 seconds]
Frame Number: 272
Frame Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: CadmusCo_19:ab:7a (08:00:27:19:ab:7a), Dst: CadmusCo_47:fc:3e
(08:00:27:47:fc:3e)
Destination: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.105 (192.168.55.105), Dst: 192.168.55.101
(192.168.55.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x4a9d [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.105 (192.168.55.105)
Destination: 192.168.55.101 (192.168.55.101)
Transmission Control Protocol, Src Port: ldaps (636), Dst Port: 39951 (39951),
Seq: 0, Ack: 1, Len: 0
Source port: ldaps (636)
Destination port: 39951 (39951)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5792
Checksum: 0xb428 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1460 bytes
SACK permitted
Timestamps: TSval 20440330, TSecr 715957
NOP
Window scale: 3 (multiply by 8)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 271]
[The RTT to ACK the segment was: 0.000582000 seconds]
No. Time Source Destination Protocol Info
287 1.920221 192.168.55.105 192.168.55.101 TCP 8807 >
39950 [RST, ACK] Seq=1 Ack=1 Win=3843 Len=0 TSV=20440656 TSER=715955
Frame 287 (66 bytes on wire, 66 bytes captured)
Arrival Time: May 5, 2011 18:41:13.690010000
[Time delta from previous captured frame: 0.001172000 seconds]
[Time delta from previous displayed frame: 0.001172000 seconds]
[Time since reference or first frame: 1.920221000 seconds]
Frame Number: 287
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: CadmusCo_19:ab:7a (08:00:27:19:ab:7a), Dst: CadmusCo_47:fc:3e
(08:00:27:47:fc:3e)
Destination: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.105 (192.168.55.105), Dst: 192.168.55.101
(192.168.55.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x9c02 (39938)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xaea2 [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.105 (192.168.55.105)
Destination: 192.168.55.101 (192.168.55.101)
Transmission Control Protocol, Src Port: 8807 (8807), Dst Port: 39950 (39950),
Seq: 1, Ack: 1, Len: 0
Source port: 8807 (8807)
Destination port: 39950 (39950)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x14 (RST, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 3843
Checksum: 0x8f1e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 20440656, TSecr 715955
No. Time Source Destination Protocol Info
438 42.105057 192.168.55.101 192.168.55.105 TCP 39951
> ldaps [FIN, ACK] Seq=13672 Ack=26736 Win=49280 Len=0 TSV=756186 TSER=20440788
Frame 438 (66 bytes on wire, 66 bytes captured)
Arrival Time: May 5, 2011 18:41:53.874846000
[Time delta from previous captured frame: 4.651863000 seconds]
[Time delta from previous displayed frame: 4.651863000 seconds]
[Time since reference or first frame: 42.105057000 seconds]
Frame Number: 438
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: CadmusCo_47:fc:3e (08:00:27:47:fc:3e), Dst: CadmusCo_19:ab:7a
(08:00:27:19:ab:7a)
Destination: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.101 (192.168.55.101), Dst: 192.168.55.105
(192.168.55.105)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x1b1c (6940)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x2f89 [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.101 (192.168.55.101)
Destination: 192.168.55.105 (192.168.55.105)
Transmission Control Protocol, Src Port: 39951 (39951), Dst Port: ldaps (636),
Seq: 13672, Ack: 26736, Len: 0
Source port: 39951 (39951)
Destination port: ldaps (636)
Sequence number: 13672 (relative sequence number)
Acknowledgement number: 26736 (relative ack number)
Header length: 32 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 49280 (scaled)
Checksum: 0xa4b9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 756186, TSecr 20440788
No. Time Source Destination Protocol Info
440 42.106100 192.168.55.101 192.168.55.105 TCP 39951
> ldaps [RST] Seq=13673 Win=0 Len=0
Frame 440 (54 bytes on wire, 54 bytes captured)
Arrival Time: May 5, 2011 18:41:53.875889000
[Time delta from previous captured frame: 0.000040000 seconds]
[Time delta from previous displayed frame: 0.000040000 seconds]
[Time since reference or first frame: 42.106100000 seconds]
Frame Number: 440
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: CadmusCo_47:fc:3e (08:00:27:47:fc:3e), Dst: CadmusCo_19:ab:7a
(08:00:27:19:ab:7a)
Destination: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.101 (192.168.55.101), Dst: 192.168.55.105
(192.168.55.105)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x4ab1 [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.101 (192.168.55.101)
Destination: 192.168.55.105 (192.168.55.105)
Transmission Control Protocol, Src Port: 39951 (39951), Dst Port: ldaps (636),
Seq: 13673, Len: 0
Source port: 39951 (39951)
Destination port: ldaps (636)
Sequence number: 13673 (relative sequence number)
Header length: 20 bytes
Flags: 0x04 (RST)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0xe6cd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
No. Time Source Destination Protocol Info
441 42.106111 192.168.55.105 192.168.55.101 TCP ldaps
> 39951 [FIN, ACK] Seq=26773 Ack=13673 Win=49752 Len=0 TSV=20546651 TSER=756186
Frame 441 (66 bytes on wire, 66 bytes captured)
Arrival Time: May 5, 2011 18:41:53.875900000
[Time delta from previous captured frame: 0.000011000 seconds]
[Time delta from previous displayed frame: 0.000011000 seconds]
[Time since reference or first frame: 42.106111000 seconds]
Frame Number: 441
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: CadmusCo_19:ab:7a (08:00:27:19:ab:7a), Dst: CadmusCo_47:fc:3e
(08:00:27:47:fc:3e)
Destination: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.105 (192.168.55.105), Dst: 192.168.55.101
(192.168.55.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x5d6a (23914)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xed3a [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.105 (192.168.55.105)
Destination: 192.168.55.101 (192.168.55.101)
Transmission Control Protocol, Src Port: ldaps (636), Dst Port: 39951 (39951),
Seq: 26773, Ack: 13673, Len: 0
Source port: ldaps (636)
Destination port: 39951 (39951)
Sequence number: 26773 (relative sequence number)
Acknowledgement number: 13673 (relative ack number)
Header length: 32 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 49752 (scaled)
Checksum: 0x06d0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 20546651, TSecr 756186
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 440]
[The RTT to ACK the segment was: 0.000011000 seconds]
No. Time Source Destination Protocol Info
442 42.106117 192.168.55.101 192.168.55.105 TCP 39951
> ldaps [RST] Seq=13673 Win=0 Len=0
Frame 442 (54 bytes on wire, 54 bytes captured)
Arrival Time: May 5, 2011 18:41:53.875906000
[Time delta from previous captured frame: 0.000006000 seconds]
[Time delta from previous displayed frame: 0.000006000 seconds]
[Time since reference or first frame: 42.106117000 seconds]
Frame Number: 442
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: CadmusCo_47:fc:3e (08:00:27:47:fc:3e), Dst: CadmusCo_19:ab:7a
(08:00:27:19:ab:7a)
Destination: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
Address: CadmusCo_19:ab:7a (08:00:27:19:ab:7a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
Address: CadmusCo_47:fc:3e (08:00:27:47:fc:3e)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.55.101 (192.168.55.101), Dst: 192.168.55.105
(192.168.55.105)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x4ab1 [correct]
[Good: True]
[Bad : False]
Source: 192.168.55.101 (192.168.55.101)
Destination: 192.168.55.105 (192.168.55.105)
Transmission Control Protocol, Src Port: 39951 (39951), Dst Port: ldaps (636),
Seq: 13673, Len: 0
Source port: 39951 (39951)
Destination port: ldaps (636)
Sequence number: 13673 (relative sequence number)
Header length: 20 bytes
Flags: 0x04 (RST)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0xe6cd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
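
Added example, not part of the original message or its attachment: a Python script that reads the packet summary lines of the capture above and reports, per TCP conversation, which side closed first, whether that side followed up with a RST, and whether the close carried a zero receive window right after the peer had filled that window. The function names and the `stalled_receiver` label are this example's own.

```python
import re
from collections import defaultdict

# Packet summary lines from the capture in this message, each re-joined onto
# one line (the mail client had wrapped them).
SUMMARY = """\
268 1.818361 192.168.55.105 192.168.55.101 TCP [TCP Window Full] ldaps > 39950 [ACK] Seq=251435 Ack=4664 Win=30744 Len=248 TSV=20440326 TSER=715954
269 1.818809 192.168.55.101 192.168.55.105 TCP 39950 > ldaps [FIN, ACK] Seq=4701 Ack=251683 Win=0 Len=0 TSV=715955 TSER=20440326
270 1.819390 192.168.55.101 192.168.55.105 TCP 39950 > ldaps [RST, ACK] Seq=4702 Ack=251683 Win=65688 Len=0 TSV=715956 TSER=20440326
271 1.819965 192.168.55.101 192.168.55.105 TCP 39951 > ldaps [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=715957 TSER=0 WS=3
272 1.820547 192.168.55.105 192.168.55.101 TCP ldaps > 39951 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=20440330 TSER=715957 WS=3
287 1.920221 192.168.55.105 192.168.55.101 TCP 8807 > 39950 [RST, ACK] Seq=1 Ack=1 Win=3843 Len=0 TSV=20440656 TSER=715955
438 42.105057 192.168.55.101 192.168.55.105 TCP 39951 > ldaps [FIN, ACK] Seq=13672 Ack=26736 Win=49280 Len=0 TSV=756186 TSER=20440788
440 42.106100 192.168.55.101 192.168.55.105 TCP 39951 > ldaps [RST] Seq=13673 Win=0 Len=0
441 42.106111 192.168.55.105 192.168.55.101 TCP ldaps > 39951 [FIN, ACK] Seq=26773 Ack=13673 Win=49752 Len=0 TSV=20546651 TSER=756186
442 42.106117 192.168.55.101 192.168.55.105 TCP 39951 > ldaps [RST] Seq=13673 Win=0 Len=0
"""

# Wireshark printed the service name in place of port 636.
SERVICES = {"ldaps": 636}

LINE = re.compile(
    r"^(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?:\[(?P<note>TCP [^\]]+)\]\s+)?"          # optional analysis note
    r"(?P<sport>\S+)\s+>\s+(?P<dport>\S+)\s+"
    r"\[(?P<flags>[^\]]+)\]\s*(?P<rest>.*)$"
)


def port(token):
    """Turn '39950' or a known service name such as 'ldaps' into a number."""
    return int(token) if token.isdigit() else SERVICES[token]


def parse_line(line):
    """Parse one Wireshark TCP summary line into a dict."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError("not a TCP summary line: %r" % line)
    return {
        "no": int(m["no"]),
        "time": float(m["time"]),
        "src": (m["src"], port(m["sport"])),
        "dst": (m["dst"], port(m["dport"])),
        "note": m["note"],                        # e.g. 'TCP Window Full'
        "flags": set(m["flags"].split(", ")),
        "fields": {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", m["rest"])},
    }


def parse_all(text):
    frames = [parse_line(l) for l in text.splitlines() if l.strip()]
    return sorted(frames, key=lambda f: f["no"])


def teardowns(frames):
    """Describe how each conversation (unordered endpoint pair) was closed."""
    convs = defaultdict(list)
    for f in frames:
        convs[tuple(sorted((f["src"], f["dst"])))].append(f)

    report = []
    for key, fs in convs.items():
        closing = [f for f in fs if f["flags"] & {"FIN", "RST"}]
        if not closing:
            continue
        first = closing[0]
        # Segments on which Wireshark noted that the peer had filled the
        # closer's advertised receive window before the close.
        full = [f["no"] for f in fs
                if f["note"] == "TCP Window Full"
                and f["dst"] == first["src"] and f["no"] < first["no"]]
        win = first["fields"].get("Win")
        report.append({
            "conversation": key,
            "closed_by": first["src"][0],
            "first_close_frame": first["no"],
            "first_close_flags": sorted(first["flags"]),
            "closer_window": win,
            "reset_by_closer": [f["no"] for f in closing
                                if "RST" in f["flags"] and f["src"] == first["src"]],
            "window_full_before": full,
            # Closer advertised no receive space after its window was filled:
            # the application on that side was not draining the socket.
            "stalled_receiver": win == 0 and bool(full),
        })
    return report


if __name__ == "__main__":
    for entry in teardowns(parse_all(SUMMARY)):
        print(entry)
```
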