openssl & gmail problem
Brian Candler
B.Candler at pobox.com
Wed Nov 2 10:16:39 PST 2005
On Wed, Nov 02, 2005 at 02:17:15PM +0100, Meka[ni] wrote:
> On Wed, 2 Nov 2005 12:35:29 +0000
> Brian Candler <B.Candler at pobox.com> wrote:
>
> > Run tcpdump and/or ktrace to see what's happening.
> >
> > # tcpdump -i nv0 -n -s1500 -X tcp port 25
> >
> > When I do this, I see:
> >
> > < 220 mx.gmail.com ESMTP g1sm241248nfe
> > > STARTTLS
> > < 503 5.5.1 EHLO/HELO first g1sm241248nfe
> >
> This is what I get. I cannot see anything readable enough.
Either look in the right-hand column for the text part of each packet, or
the left-hand part shows it in hex.
>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on tun0, link-type NULL (BSD loopback), capture size 1500 bytes
> 14:07:03.627614 IP 82.208.205.163.59631 > 64.233.183.109.25: S 2803137835:2803137835(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 29846462 0>
> 0x0000: 4500 0040 63d0 4000 4006 be1d 52d0 cda3 E..@c.@.@...R...
> 0x0010: 40e9 b76d e8ef 0019 a714 7d2b 0000 0000 @..m......}+....
> 0x0020: b002 ffff a267 0000 0204 05b4 0101 0402 .....g..........
> 0x0030: 0103 0301 0101 080a 01c7 6bbe 0000 0000 ..........k.....
> 14:07:03.785968 IP 64.233.183.109.25 > 82.208.205.163.59631: S 1718924688:1718924688(0) ack 2803137836 win 8190 <mss 1448>
> 0x0000: 4500 002c ef4b 0000 f106 c1b5 40e9 b76d E..,.K......@..m
> 0x0010: 52d0 cda3 0019 e8ef 6674 b590 a714 7d2c R.......ft....},
> 0x0020: 6012 1ffe 360b 0000 0204 05a8 `...6.......
> 14:07:03.786320 IP 82.208.205.163.59631 > 64.233.183.109.25: . ack 1 win 65535
> 0x0000: 4500 0028 63d1 4000 4006 be34 52d0 cda3 E..(c.@.@..4R...
> 0x0010: 40e9 b76d e8ef 0019 a714 7d2c 6674 b591 @..m......},ft..
> 0x0020: 5010 ffff 6dba 0000 P...m...
> 14:07:03.946036 IP 64.233.183.109.25 > 82.208.205.163.59631: P 1:40(39) ack 1 win 5720
> 0x0000: 4510 004f c384 0000 3206 ac4a 40e9 b76d E..O....2..J@..m
> 0x0010: 52d0 cda3 0019 e8ef 6674 b591 a714 7d2c R.......ft....},
> 0x0020: 5018 1658 d657 0000 3232 3020 6d78 2e67 P..X.W..220.mx.g
> 0x0030: 6d61 696c 2e63 6f6d 2045 534d 5450 207a mail.com.ESMTP.z
> 0x0040: 3733 736d 3233 3930 3536 6e66 620d 0a 73sm239056nfb..
Note the right hand side for the last three lines:
"220 mx.gmail.com ESMTP z73sm239056nfb" + CRLF (0d 0a)
> 14:07:03.946545 IP 82.208.205.163.59631 > 64.233.183.109.25: P 1:11(10) ack 40 win 65535
> 0x0000: 4500 0032 63d2 4000 4006 be29 52d0 cda3 E..2c.@.@..)R...
> 0x0010: 40e9 b76d e8ef 0019 a714 7d2c 6674 b5b8 @..m......},ft..
> 0x0020: 5018 ffff 2b29 0000 5354 4152 5454 4c53 P...+)..STARTTLS
> 0x0030: 0d0a ..
"STARTTLS" + CRLF
> 14:07:04.096053 IP 64.233.183.109.25 > 82.208.205.163.59631: . ack 11 win 5720
> 0x0000: 4510 0028 c385 0000 3206 ac70 40e9 b76d E..(....2..p@..m
> 0x0010: 52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36 R.......ft....}6
> 0x0020: 5010 1658 5731 0000 P..XW1..
> 14:07:04.106000 IP 64.233.183.109.25 > 82.208.205.163.59631: P 40:82(42) ack 11 win 5720
> 0x0000: 4510 0052 c386 0000 3206 ac45 40e9 b76d E..R....2..E@..m
> 0x0010: 52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36 R.......ft....}6
> 0x0020: 5018 1658 88c2 0000 3530 3320 352e 352e P..X....503.5.5.
> 0x0030: 3120 4548 4c4f 2f48 454c 4f20 6669 7273 1.EHLO/HELO.firs
> 0x0040: 7420 7a37 3373 6d32 3339 3035 366e 6662 t.z73sm239056nfb
> 0x0050: 0d0a ..
"503 5.5.1 EHLO/HELO first z73sm239056nfb" + CRLF
> 14:07:04.112871 IP 82.208.205.163.59631 > 64.233.183.109.25: P 11:153(142) ack 82 win 65535
> 0x0000: 4500 00b6 63d3 4000 4006 bda4 52d0 cda3 E...c.@.@...R...
> 0x0010: 40e9 b76d e8ef 0019 a714 7d36 6674 b5e2 @..m......}6ft..
> 0x0020: 5018 ffff aa17 0000 808c 0103 0100 6300 P.............c.
> 0x0030: 0000 2000 0039 0000 3800 0035 0000 1600 .....9..8..5....
> 0x0040: 0013 0000 0a07 00c0 0000 3300 0032 0000 ..........3..2..
> 0x0050: 2f03 0080 0000 6600 0005 0000 0401 0080 /.....f.........
> 0x0060: 0800 8000 0063 0000 6200 0061 0000 1500 .....c..b..a....
> 0x0070: 0012 0000 0906 0040 0000 6500 0064 0000 .......@..e..d..
> 0x0080: 6000 0014 0000 1100 0008 0000 0604 0080 `...............
> 0x0090: 0000 0302 0080 a6a3 3dcd 03c8 5411 ea55 ........=...T..U
> 0x00a0: f2c7 b618 88dd 5790 28f8 51f9 93c5 38f5 ......W.(.Q...8.
> 0x00b0: 1df6 4011 5757 ..@.WW
> 14:07:04.306017 IP 64.233.183.109.25 > 82.208.205.163.59631: P 82:129(47) ack 153 win 5720
> 0x0000: 4510 0057 c387 0000 3206 ac3f 40e9 b76d E..W....2..?@..m
> 0x0010: 52d0 cda3 0019 e8ef 6674 b5e2 a714 7dc4 R.......ft....}.
> 0x0020: 5018 1658 4026 0000 3530 3220 352e 352e P..X@&..502.5.5.
> 0x0030: 3120 556e 7265 636f 676e 697a 6564 2063 1.Unrecognized.c
> 0x0040: 6f6d 6d61 6e64 207a 3733 736d 3233 3930 ommand.z73sm2390
> 0x0050: 3536 6e66 620d 0a 56nfb..
"502 5.5.1 Unrecognized command z73sm239056nfb" + CRLF
(looks like openssl has tried to start a TLS session anyway)
> 14:07:04.307248 IP 82.208.205.163.59631 > 64.233.183.109.25: F 153:153(0) ack 129 win 65535
> 0x0000: 4500 0028 63d4 4000 4006 be31 52d0 cda3 E..(c.@.@..1R...
> 0x0010: 40e9 b76d e8ef 0019 a714 7dc4 6674 b611 @..m......}.ft..
> 0x0020: 5011 ffff 6ca1 0000 P...l...
> 14:07:04.476178 IP 64.233.183.109.25 > 82.208.205.163.59631: F 129:129(0) ack 154 win 5720
> 0x0000: 4510 0028 c388 0000 3206 ac6d 40e9 b76d E..(....2..m@..m
> 0x0010: 52d0 cda3 0019 e8ef 6674 b611 a714 7dc5 R.......ft....}.
> 0x0020: 5011 1658 5648 0000 P..XVH..
> 14:07:04.476571 IP 82.208.205.163.59631 > 64.233.183.109.25: . ack 130 win 943
> 0x0000: 4500 0028 63d5 4000 4006 be30 52d0 cda3 E..(c.@.@..0R...
> 0x0010: 40e9 b76d e8ef 0019 a714 7dc5 6674 b612 @..m......}.ft..
> 0x0020: 5010 03af 68f1 0000 P...h...
>
> 12 packets captured
> 18 packets received by filter
> 0 packets dropped by kernel
>
>
> --
> FreeB(eer)S(ex)D(rugs) are the real daemons!!!
>
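
The reading of the hex column described in this message can be done mechanically. The following is an added example, not part of the original post: it takes the hex columns of four packets from the capture above, skips the IPv4 and TCP headers using their length fields, and prints each payload, showing that the bytes the client sends after the 503 reply form a handshake message rather than an SMTP command. The function names are illustrative, and the code assumes each dump starts at the IPv4 header, as it does in this capture.

```python
import re

# Hex columns of four packets from the capture quoted above (ASCII column
# dropped; the last packet is cut to its first three rows).
PACKETS = [
    """0x0000: 4510 004f c384 0000 3206 ac4a 40e9 b76d
       0x0010: 52d0 cda3 0019 e8ef 6674 b591 a714 7d2c
       0x0020: 5018 1658 d657 0000 3232 3020 6d78 2e67
       0x0030: 6d61 696c 2e63 6f6d 2045 534d 5450 207a
       0x0040: 3733 736d 3233 3930 3536 6e66 620d 0a""",
    """0x0000: 4500 0032 63d2 4000 4006 be29 52d0 cda3
       0x0010: 40e9 b76d e8ef 0019 a714 7d2c 6674 b5b8
       0x0020: 5018 ffff 2b29 0000 5354 4152 5454 4c53
       0x0030: 0d0a""",
    """0x0000: 4510 0052 c386 0000 3206 ac45 40e9 b76d
       0x0010: 52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36
       0x0020: 5018 1658 88c2 0000 3530 3320 352e 352e
       0x0030: 3120 4548 4c4f 2f48 454c 4f20 6669 7273
       0x0040: 7420 7a37 3373 6d32 3339 3035 366e 6662
       0x0050: 0d0a""",
    """0x0000: 4500 00b6 63d3 4000 4006 bda4 52d0 cda3
       0x0010: 40e9 b76d e8ef 0019 a714 7d36 6674 b5e2
       0x0020: 5018 ffff aa17 0000 808c 0103 0100 6300""",
]

def payload(dump):
    """Strip row offsets, then skip the IPv4 and TCP headers by their length fields."""
    raw = bytes.fromhex("".join(re.sub(r"0x[0-9a-f]{4}:", "", dump).split()))
    ihl = (raw[0] & 0x0F) * 4            # IPv4 header length in bytes
    doff = (raw[ihl + 12] >> 4) * 4      # TCP data offset in bytes
    return raw[ihl + doff:]

def describe(data):
    """Label a payload as an SMTP line or an SSLv2-format ClientHello."""
    # SSLv2 record header: high bit set in byte 0, message type 1 in byte 2.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 1:
        return "SSLv2-format ClientHello, version %d.%d" % (data[3], data[4])
    return data.decode("ascii").rstrip("\r\n")

def conversation():
    return [describe(payload(p)) for p in PACKETS]

if __name__ == "__main__":
    for line in conversation():
        print(line)
```

Version 3.1 in the last line is the wire encoding of TLS 1.0.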