From owner-freebsd-net@FreeBSD.ORG Wed Nov 2 18:16:39 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1841516A41F for ; Wed, 2 Nov 2005 18:16:39 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4742E43D53 for ; Wed, 2 Nov 2005 18:16:36 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id 810739D; Wed, 2 Nov 2005 13:00:46 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id 02C43803; Wed, 2 Nov 2005 13:00:44 -0500 (EST) Received: from brian by mappit.local.linnet.org with local (Exim 4.54 (FreeBSD)) id 1EXNA1-0009pv-5K; Wed, 02 Nov 2005 18:16:33 +0000 Date: Wed, 2 Nov 2005 18:16:33 +0000 From: Brian Candler To: "Meka[ni]" Message-ID: <20051102181633.GA37799@uk.tiscali.com> References: <20051102093504.64edad5f@hal9000> <20051102123529.GA36617@uk.tiscali.com> <20051102141715.60c8dd6a@hal9000> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051102141715.60c8dd6a@hal9000> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: openssl & gmail problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Nov 2005 18:16:39 -0000 On Wed, Nov 02, 2005 at 02:17:15PM +0100, Meka[ni] wrote: > On Wed, 2 Nov 2005 12:35:29 +0000 > Brian Candler wrote: > > > Run tcpdump and/or ktrace to see what's happening. > > > > # tcpdump -i nv0 -n -s1500 -X tcp port 25 > > > > When I do this, I see: > > > > < 220 mx.gmail.com ESMTP g1sm241248nfe > > > STARTTLS > > < 503 5.5.1 EHLO/HELO first g1sm241248nfe > > > This is what I get. I can not see anything enough readable. Either look in the right-hand column for the text part of each packet, or the left-hand part shows it in hex. > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on tun0, link-type NULL (BSD loopback), capture size 1500 bytes > 14:07:03.627614 IP 82.208.205.163.59631 > 64.233.183.109.25: S 2803137835:2803137835(0) win 65535 > 0x0000: 4500 0040 63d0 4000 4006 be1d 52d0 cda3 E..@c.@.@...R... > 0x0010: 40e9 b76d e8ef 0019 a714 7d2b 0000 0000 @..m......}+.... > 0x0020: b002 ffff a267 0000 0204 05b4 0101 0402 .....g.......... > 0x0030: 0103 0301 0101 080a 01c7 6bbe 0000 0000 ..........k..... > 14:07:03.785968 IP 64.233.183.109.25 > 82.208.205.163.59631: S 1718924688:1718924688(0) ack 2803137836 win 8190 > 0x0000: 4500 002c ef4b 0000 f106 c1b5 40e9 b76d E..,.K......@..m > 0x0010: 52d0 cda3 0019 e8ef 6674 b590 a714 7d2c R.......ft....}, > 0x0020: 6012 1ffe 360b 0000 0204 05a8 `...6....... > 14:07:03.786320 IP 82.208.205.163.59631 > 64.233.183.109.25: . ack 1 win 65535 > 0x0000: 4500 0028 63d1 4000 4006 be34 52d0 cda3 E..(c.@.@..4R... > 0x0010: 40e9 b76d e8ef 0019 a714 7d2c 6674 b591 @..m......},ft.. > 0x0020: 5010 ffff 6dba 0000 P...m... > 14:07:03.946036 IP 64.233.183.109.25 > 82.208.205.163.59631: P 1:40(39) ack 1 win 5720 > 0x0000: 4510 004f c384 0000 3206 ac4a 40e9 b76d E..O....2..J@..m > 0x0010: 52d0 cda3 0019 e8ef 6674 b591 a714 7d2c R.......ft....}, > 0x0020: 5018 1658 d657 0000 3232 3020 6d78 2e67 P..X.W..220.mx.g > 0x0030: 6d61 696c 2e63 6f6d 2045 534d 5450 207a mail.com.ESMTP.z > 0x0040: 3733 736d 3233 3930 3536 6e66 620d 0a 73sm239056nfb.. Note the right hand side for the last three lines: "220 mx.mail.com ESMTP z73sm239056nfb" + CRLF (0d 0a) > 14:07:03.946545 IP 82.208.205.163.59631 > 64.233.183.109.25: P 1:11(10) ack 40 win 65535 > 0x0000: 4500 0032 63d2 4000 4006 be29 52d0 cda3 E..2c.@.@..)R... > 0x0010: 40e9 b76d e8ef 0019 a714 7d2c 6674 b5b8 @..m......},ft.. > 0x0020: 5018 ffff 2b29 0000 5354 4152 5454 4c53 P...+)..STARTTLS > 0x0030: 0d0a .. "STARTTLS" + CRLF > 14:07:04.096053 IP 64.233.183.109.25 > 82.208.205.163.59631: . ack 11 win 5720 > 0x0000: 4510 0028 c385 0000 3206 ac70 40e9 b76d E..(....2..p@..m > 0x0010: 52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36 R.......ft....}6 > 0x0020: 5010 1658 5731 0000 P..XW1.. > 14:07:04.106000 IP 64.233.183.109.25 > 82.208.205.163.59631: P 40:82(42) ack 11 win 5720 > 0x0000: 4510 0052 c386 0000 3206 ac45 40e9 b76d E..R....2..E@..m > 0x0010: 52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36 R.......ft....}6 > 0x0020: 5018 1658 88c2 0000 3530 3320 352e 352e P..X....503.5.5. > 0x0030: 3120 4548 4c4f 2f48 454c 4f20 6669 7273 1.EHLO/HELO.firs > 0x0040: 7420 7a37 3373 6d32 3339 3035 366e 6662 t.z73sm239056nfb > 0x0050: 0d0a .. "503 5.5.1 EHLO/HELO first z73sm239056nfb" + CRLF > 14:07:04.112871 IP 82.208.205.163.59631 > 64.233.183.109.25: P 11:153(142) ack 82 win 65535 > 0x0000: 4500 00b6 63d3 4000 4006 bda4 52d0 cda3 E...c.@.@...R... > 0x0010: 40e9 b76d e8ef 0019 a714 7d36 6674 b5e2 @..m......}6ft.. > 0x0020: 5018 ffff aa17 0000 808c 0103 0100 6300 P.............c. > 0x0030: 0000 2000 0039 0000 3800 0035 0000 1600 .....9..8..5.... > 0x0040: 0013 0000 0a07 00c0 0000 3300 0032 0000 ..........3..2.. > 0x0050: 2f03 0080 0000 6600 0005 0000 0401 0080 /.....f......... > 0x0060: 0800 8000 0063 0000 6200 0061 0000 1500 .....c..b..a.... > 0x0070: 0012 0000 0906 0040 0000 6500 0064 0000 .......@..e..d.. > 0x0080: 6000 0014 0000 1100 0008 0000 0604 0080 `............... > 0x0090: 0000 0302 0080 a6a3 3dcd 03c8 5411 ea55 ........=...T..U > 0x00a0: f2c7 b618 88dd 5790 28f8 51f9 93c5 38f5 ......W.(.Q...8. > 0x00b0: 1df6 4011 5757 ..@.WW > 14:07:04.306017 IP 64.233.183.109.25 > 82.208.205.163.59631: P 82:129(47) ack 153 win 5720 > 0x0000: 4510 0057 c387 0000 3206 ac3f 40e9 b76d E..W....2..?@..m > 0x0010: 52d0 cda3 0019 e8ef 6674 b5e2 a714 7dc4 R.......ft....}. > 0x0020: 5018 1658 4026 0000 3530 3220 352e 352e P..X@&..502.5.5. > 0x0030: 3120 556e 7265 636f 676e 697a 6564 2063 1.Unrecognized.c > 0x0040: 6f6d 6d61 6e64 207a 3733 736d 3233 3930 ommand.z73sm2390 > 0x0050: 3536 6e66 620d 0a 56nfb.. "502 5.5.1 Unrecognized command z73sm239056nfb" + CRLF (looks like openssl has tried to start a TLS session anyway) > 14:07:04.307248 IP 82.208.205.163.59631 > 64.233.183.109.25: F 153:153(0) ack 129 win 65535 > 0x0000: 4500 0028 63d4 4000 4006 be31 52d0 cda3 E..(c.@.@..1R... > 0x0010: 40e9 b76d e8ef 0019 a714 7dc4 6674 b611 @..m......}.ft.. > 0x0020: 5011 ffff 6ca1 0000 P...l... > 14:07:04.476178 IP 64.233.183.109.25 > 82.208.205.163.59631: F 129:129(0) ack 154 win 5720 > 0x0000: 4510 0028 c388 0000 3206 ac6d 40e9 b76d E..(....2..m@..m > 0x0010: 52d0 cda3 0019 e8ef 6674 b611 a714 7dc5 R.......ft....}. > 0x0020: 5011 1658 5648 0000 P..XVH.. > 14:07:04.476571 IP 82.208.205.163.59631 > 64.233.183.109.25: . ack 130 win 943 > 0x0000: 4500 0028 63d5 4000 4006 be30 52d0 cda3 E..(c.@.@..0R... > 0x0010: 40e9 b76d e8ef 0019 a714 7dc5 6674 b612 @..m......}.ft.. > 0x0020: 5010 03af 68f1 0000 P...h... > > 12 packets captured > 18 packets received by filter > 0 packets dropped by kernel > > > -- > FreeB(eer)S(ex)D(rugs) are the real daemons!!! >