In message <88031027-d5b8-4f48-947d-294302fac...@dukhovni.org>
Viktor Dukhovni writes:
> Post a PCAP file of a single failed TLS handshake. I know the person
> at comcast in charge of their email transport security. I can probably
> get them to fix it once we nail down the problem, assuming it is not overly
> aggressive settings on your end.
>
> --
> Viktor.
Viktor,
If you are still interested below is a tcpdump.
If not interested, please just delete.
Curtis
# tcpdump -n -i em1 -K -l -t -vvv -X 'net 96.114.154.0/24 || net
2001:558:fe16:19:96:114:154:0/120' | & tee /tmp/dumpfile
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
IP (tos 0x0, ttl 53, id 60614, offset 0, flags [DF], proto TCP (6), length 60)
96.114.154.163.59007 > 192.34.84.171.25: Flags [S], seq 2932514262, win
14600, options [mss 1460,nop,nop,TS val 3786830096 ecr 0,nop,wscale 3], length 0
0x0000: 4500 003c ecc6 4000 3506 4912 6072 9aa3 E..<..@.5.I.`r..
0x0010: c022 54ab e67f 0019 aeca 9dd6 0000 0000 ."T.............
0x0020: a002 3908 7c18 0000 0204 05b4 0101 080a ..9.|...........
0x0030: e1b6 7110 0000 0000 0103 0303 ..q.........
IP (tos 0x0, ttl 64, id 32208, offset 0, flags [DF], proto TCP (6), length 60)
192.34.84.171.25 > 96.114.154.163.59007: Flags [S.], seq 277202429, ack
2932514263, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3607830461
ecr 3786830096], length 0
0x0000: 4500 003c 7dd0 4000 4006 ad08 c022 54ab E..<}.@.@...."T.
0x0010: 6072 9aa3 0019 e67f 1085 c5fd aeca 9dd7 `r..............
0x0020: a012 ffff e7c0 0000 0204 05b4 0103 0306 ................
0x0030: 0101 080a d70b 1fbd e1b6 7110 ..........q.
IP (tos 0x0, ttl 53, id 60615, offset 0, flags [DF], proto TCP (6), length 52)
96.114.154.163.59007 > 192.34.84.171.25: Flags [.], seq 1, ack 1, win 1825,
options [nop,nop,TS val 3786830144 ecr 3607830461], length 0
0x0000: 4500 0034 ecc7 4000 3506 4919 6072 9aa3 E..4..@.5.I.`r..
0x0010: c022 54ab e67f 0019 aeca 9dd7 1085 c5fe ."T.............
0x0020: 8010 0721 0c3a 0000 0101 080a e1b6 7140 ...!.:........q@
0x0030: d70b 1fbd ....
IP (tos 0x0, ttl 64, id 32211, offset 0, flags [DF], proto TCP (6), length 97)
192.34.84.171.25 > 96.114.154.163.59007: Flags [P.], seq 1:46, ack 1, win
1040, options [nop,nop,TS val 3607830691 ecr 3786830144], length 45
0x0000: 4500 0061 7dd3 4000 4006 ace0 c022 54ab E..a}.@.@...."T.
0x0010: 6072 9aa3 0019 e67f 1085 c5fe aeca 9dd7 `r..............
0x0020: 8018 0410 fc2b 0000 0101 080a d70b 20a3 .....+..........
0x0030: e1b6 7140 3232 3020 6d74 6133 2e73 6f6d ..q...@220.mta3.som
0x0040: 6572 7669 6c6c 652e 6f63 636e 632e 636f erville.occnc.co
0x0050: 6d20 4553 4d54 5020 506f 7374 6669 780d m.ESMTP.Postfix.
0x0060: 0a .
IP (tos 0x0, ttl 53, id 60616, offset 0, flags [DF], proto TCP (6), length 52)
96.114.154.163.59007 > 192.34.84.171.25: Flags [.], seq 1, ack 46, win
1825, options [nop,nop,TS val 3786830374 ecr 3607830691], length 0
0x0000: 4500 0034 ecc8 4000 3506 4918 6072 9aa3 E..4..@.5.I.`r..
0x0010: c022 54ab e67f 0019 aeca 9dd7 1085 c62b ."T............+
0x0020: 8010 0721 0a41 0000 0101 080a e1b6 7226 ...!.A........r&
0x0030: d70b 20a3 ....
IP (tos 0x0, ttl 53, id 60617, offset 0, flags [DF], proto TCP (6), length 89)
96.114.154.163.59007 > 192.34.84.171.25: Flags [P.], seq 1:38, ack 46, win
1825, options [nop,nop,TS val 3786830374 ecr 3607830691], length 37
0x0000: 4500 0059 ecc9 4000 3506 48f2 6072 9aa3 E..Y..@.5.H.`r..
0x0010: c022 54ab e67f 0019 aeca 9dd7 1085 c62b ."T............+
0x0020: 8018 0721 5038 0000 0101 080a e1b6 7226 ...!P8........r&
0x0030: d70b 20a3 4548 4c4f 2072 6573 716d 7461 ....EHLO.resqmta
0x0040: 2d70 6f2d 3034 762e 7379 732e 636f 6d63 -po-04v.sys.comc
0x0050: 6173 742e 6e65 740d 0a ast.net..
IP (tos 0x0, ttl 64, id 32212, offset 0, flags [DF], proto TCP (6), length 200)
192.34.84.171.25 > 96.114.154.163.59007: Flags [P.], seq 46:194, ack 38,
win 1040, options [nop,nop,TS val 3607830739 ecr 3786830374], length 148
0x0000: 4500 00c8 7dd4 4000 4006 ac78 c022 54ab E...}.@.@..x."T.
0x0010: 6072 9aa3 0019 e67f 1085 c62b aeca 9dfc `r.........+....
0x0020: 8018 0410 9707 0000 0101 080a d70b 20d3 ................
0x0030: e1b6 7226 3235 302d 6d74 6133 2e73 6f6d ..r&250-mta3.som
0x0040: 6572 7669 6c6c 652e 6f63 636e 632e 636f erville.occnc.co
0x0050: 6d0d 0a32 3530 2d50 4950 454c 494e 494e m..250-PIPELININ
0x0060: 470d 0a32 3530 2d53 495a 4520 3130 3234 G..250-SIZE.1024
0x0070: 3030 3030 0d0a 3235 302d 5652 4659 0d0a 0000..250-VRFY..
0x0080: 3235 302d 4554 524e 0d0a 3235 302d 5354 250-ETRN..250-ST
0x0090: 4152 5454 4c53 0d0a 3235 302d 454e 4841 ARTTLS..250-ENHA
0x00a0: 4e43 4544 5354 4154 5553 434f 4445 530d NCEDSTATUSCODES.
0x00b0: 0a32 3530 2d38 4249 544d 494d 450d 0a32 .250-8BITMIME..2
0x00c0: 3530 2044 534e 0d0a 50.DSN..
IP (tos 0x0, ttl 53, id 60618, offset 0, flags [DF], proto TCP (6), length 62)
96.114.154.163.59007 > 192.34.84.171.25: Flags [P.], seq 38:48, ack 194,
win 1959, options [nop,nop,TS val 3786830422 ecr 3607830739], length 10
0x0000: 4500 003e ecca 4000 3506 490c 6072 9aa3 E..>..@.5.I.`r..
0x0010: c022 54ab e67f 0019 aeca 9dfc 1085 c6bf ."T.............
0x0020: 8018 07a7 c637 0000 0101 080a e1b6 7256 .....7........rV
0x0030: d70b 20d3 5354 4152 5454 4c53 0d0a ....STARTTLS..
IP (tos 0x0, ttl 64, id 32213, offset 0, flags [DF], proto TCP (6), length 82)
192.34.84.171.25 > 96.114.154.163.59007: Flags [P.], seq 194:224, ack 48,
win 1040, options [nop,nop,TS val 3607830787 ecr 3786830422], length 30
0x0000: 4500 0052 7dd5 4000 4006 aced c022 54ab E..R}.@.@...."T.
0x0010: 6072 9aa3 0019 e67f 1085 c6bf aeca 9e06 `r..............
0x0020: 8018 0410 f4b5 0000 0101 080a d70b 2103 ..............!.
0x0030: e1b6 7256 3232 3020 322e 302e 3020 5265 ..rV220.2.0.0.Re
0x0040: 6164 7920 746f 2073 7461 7274 2054 4c53 ady.to.start.TLS
0x0050: 0d0a ..
IP (tos 0x0, ttl 53, id 60619, offset 0, flags [DF], proto TCP (6), length 167)
96.114.154.163.59007 > 192.34.84.171.25: Flags [P.], seq 48:163, ack 224,
win 1959, options [nop,nop,TS val 3786830470 ecr 3607830787], length 115
0x0000: 4500 00a7 eccb 4000 3506 48a2 6072 9aa3 E.....@.5.H.`r..
0x0010: c022 54ab e67f 0019 aeca 9e06 1085 c6dd ."T.............
0x0020: 8018 07a7 4af4 0000 0101 080a e1b6 7286 ....J.........r.
0x0030: d70b 2103 1603 0100 6e01 0000 6a03 0356 ..!.....n...j..V
0x0040: 997f bb65 5bfc 2526 05ac 1d29 7165 2834 ...e[.%&...)qe(4
0x0050: a7d3 418c 740a 7522 08e2 1f9b 0ca7 ee00 ..A.t.u"........
0x0060: 0012 0033 0032 002f 0039 0038 0035 0005 ...3.2./.9.8.5..
0x0070: 0004 00ff 0100 002f 0023 0000 000d 0022 ......./.#....."
0x0080: 0020 0601 0602 0603 0501 0502 0503 0401 ................
0x0090: 0402 0403 0301 0302 0303 0201 0202 0203 ................
0x00a0: 0101 000f 0001 01 .......
IP (tos 0x0, ttl 64, id 32214, offset 0, flags [DF], proto TCP (6), length 59)
192.34.84.171.25 > 96.114.154.163.59007: Flags [P.], seq 224:231, ack 163,
win 1040, options [nop,nop,TS val 3607830835 ecr 3786830470], length 7
0x0000: 4500 003b 7dd6 4000 4006 ad03 c022 54ab E..;}.@.@...."T.
0x0010: 6072 9aa3 0019 e67f 1085 c6dd aeca 9e79 `r.............y
0x0020: 8018 0410 c8f9 0000 0101 080a d70b 2133 ..............!3
0x0030: e1b6 7286 1503 0300 0202 28 ..r.......(
IP (tos 0x0, ttl 64, id 32215, offset 0, flags [DF], proto TCP (6), length 52)
192.34.84.171.25 > 96.114.154.163.59007: Flags [F.], seq 231, ack 163, win
1040, options [nop,nop,TS val 3607830836 ecr 3786830470], length 0
0x0000: 4500 0034 7dd7 4000 4006 ad09 c022 54ab E..4}.@.@...."T.
0x0010: 6072 9aa3 0019 e67f 1085 c6e4 aeca 9e79 `r.............y
0x0020: 8011 0410 0b05 0000 0101 080a d70b 2134 ..............!4
0x0030: e1b6 7286 ..r.
IP (tos 0x0, ttl 53, id 60620, offset 0, flags [DF], proto TCP (6), length 52)
96.114.154.163.59007 > 192.34.84.171.25: Flags [F.], seq 163, ack 231, win
1959, options [nop,nop,TS val 3786830518 ecr 3607830835], length 0
0x0000: 4500 0034 eccc 4000 3506 4914 6072 9aa3 E..4..@.5.I.`r..
0x0010: c022 54ab e67f 0019 aeca 9e79 1085 c6e4 ."T........y....
0x0020: 8011 07a7 073f 0000 0101 080a e1b6 72b6 .....?........r.
0x0030: d70b 2133 ..!3
IP (tos 0x0, ttl 64, id 32216, offset 0, flags [DF], proto TCP (6), length 52)
192.34.84.171.25 > 96.114.154.163.59007: Flags [F.], seq 231, ack 164, win
1040, options [nop,nop,TS val 3607830883 ecr 3786830518], length 0
0x0000: 4500 0034 7dd8 4000 4006 ad08 c022 54ab E..4}.@.@...."T.
0x0010: 6072 9aa3 0019 e67f 1085 c6e4 aeca 9e7a `r.............z
0x0020: 8011 0410 0aa5 0000 0101 080a d70b 2163 ..............!c
0x0030: e1b6 72b6 ..r.
IP (tos 0x0, ttl 53, id 60621, offset 0, flags [DF], proto TCP (6), length 52)
96.114.154.163.59007 > 192.34.84.171.25: Flags [.], seq 164, ack 232, win
1959, options [nop,nop,TS val 3786830519 ecr 3607830836], length 0
0x0000: 4500 0034 eccd 4000 3506 4913 6072 9aa3 E..4..@.5.I.`r..
0x0010: c022 54ab e67f 0019 aeca 9e7a 1085 c6e5 ."T........z....
0x0020: 8010 07a7 073c 0000 0101 080a e1b6 72b7 .....<........r.
0x0030: d70b 2134 ..!4
