Date: Wed, 2 Nov 2005 18:16:33 +0000
From: Brian Candler <B.Candler@pobox.com>
To: "Meka[ni]" <mekalists@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: openssl & gmail problem
Message-ID: <20051102181633.GA37799@uk.tiscali.com>
In-Reply-To: <20051102141715.60c8dd6a@hal9000>
References: <20051102093504.64edad5f@hal9000> <20051102123529.GA36617@uk.tiscali.com> <20051102141715.60c8dd6a@hal9000>

On Wed, Nov 02, 2005 at 02:17:15PM +0100, Meka[ni] wrote:
> On Wed, 2 Nov 2005 12:35:29 +0000
> Brian Candler <B.Candler@pobox.com> wrote:
>
> > Run tcpdump and/or ktrace to see what's happening.
> >
> > # tcpdump -i nv0 -n -s1500 -X tcp port 25
> >
> > When I do this, I see:
> >
> > < 220 mx.gmail.com ESMTP g1sm241248nfe
> > > STARTTLS
> > < 503 5.5.1 EHLO/HELO first g1sm241248nfe
> >
> This is what I get. I can not see anything enough readable.

Either look in the right-hand column for the text part of each packet, or
the left-hand part shows it in hex.

>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on tun0, link-type NULL (BSD loopback), capture size 1500 bytes
> 14:07:03.627614 IP 82.208.205.163.59631 > 64.233.183.109.25: S 2803137835:2803137835(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 29846462 0>
>         0x0000:  4500 0040 63d0 4000 4006 be1d 52d0 cda3  E..@c.@.@...R...
>         0x0010:  40e9 b76d e8ef 0019 a714 7d2b 0000 0000  @..m......}+....
>         0x0020:  b002 ffff a267 0000 0204 05b4 0101 0402  .....g..........
>         0x0030:  0103 0301 0101 080a 01c7 6bbe 0000 0000  ..........k.....
> 14:07:03.785968 IP 64.233.183.109.25 > 82.208.205.163.59631: S 1718924688:1718924688(0) ack 2803137836 win 8190 <mss 1448>
>         0x0000:  4500 002c ef4b 0000 f106 c1b5 40e9 b76d  E..,.K......@..m
>         0x0010:  52d0 cda3 0019 e8ef 6674 b590 a714 7d2c  R.......ft....},
>         0x0020:  6012 1ffe 360b 0000 0204 05a8            `...6.......
> 14:07:03.786320 IP 82.208.205.163.59631 > 64.233.183.109.25: . ack 1 win 65535
>         0x0000:  4500 0028 63d1 4000 4006 be34 52d0 cda3  E..(c.@.@..4R...
>         0x0010:  40e9 b76d e8ef 0019 a714 7d2c 6674 b591  @..m......},ft..
>         0x0020:  5010 ffff 6dba 0000                      P...m...
> 14:07:03.946036 IP 64.233.183.109.25 > 82.208.205.163.59631: P 1:40(39) ack 1 win 5720
>         0x0000:  4510 004f c384 0000 3206 ac4a 40e9 b76d  E..O....2..J@..m
>         0x0010:  52d0 cda3 0019 e8ef 6674 b591 a714 7d2c  R.......ft....},
>         0x0020:  5018 1658 d657 0000 3232 3020 6d78 2e67  P..X.W..220.mx.g
>         0x0030:  6d61 696c 2e63 6f6d 2045 534d 5450 207a  mail.com.ESMTP.z
>         0x0040:  3733 736d 3233 3930 3536 6e66 620d 0a    73sm239056nfb..

Note the right hand side for the last three lines:
"220 mx.mail.com ESMTP z73sm239056nfb" + CRLF (0d 0a)

> 14:07:03.946545 IP 82.208.205.163.59631 > 64.233.183.109.25: P 1:11(10) ack 40 win 65535
>         0x0000:  4500 0032 63d2 4000 4006 be29 52d0 cda3  E..2c.@.@..)R...
>         0x0010:  40e9 b76d e8ef 0019 a714 7d2c 6674 b5b8  @..m......},ft..
>         0x0020:  5018 ffff 2b29 0000 5354 4152 5454 4c53  P...+)..STARTTLS
>         0x0030:  0d0a                                     ..

"STARTTLS" + CRLF

> 14:07:04.096053 IP 64.233.183.109.25 > 82.208.205.163.59631: . ack 11 win 5720
>         0x0000:  4510 0028 c385 0000 3206 ac70 40e9 b76d  E..(....2..p@..m
>         0x0010:  52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36  R.......ft....}6
>         0x0020:  5010 1658 5731 0000                      P..XW1..
> 14:07:04.106000 IP 64.233.183.109.25 > 82.208.205.163.59631: P 40:82(42) ack 11 win 5720
>         0x0000:  4510 0052 c386 0000 3206 ac45 40e9 b76d  E..R....2..E@..m
>         0x0010:  52d0 cda3 0019 e8ef 6674 b5b8 a714 7d36  R.......ft....}6
>         0x0020:  5018 1658 88c2 0000 3530 3320 352e 352e  P..X....503.5.5.
>         0x0030:  3120 4548 4c4f 2f48 454c 4f20 6669 7273  1.EHLO/HELO.firs
>         0x0040:  7420 7a37 3373 6d32 3339 3035 366e 6662  t.z73sm239056nfb
>         0x0050:  0d0a                                     ..

"503 5.5.1 EHLO/HELO first z73sm239056nfb" + CRLF

> 14:07:04.112871 IP 82.208.205.163.59631 > 64.233.183.109.25: P 11:153(142) ack 82 win 65535
>         0x0000:  4500 00b6 63d3 4000 4006 bda4 52d0 cda3  E...c.@.@...R...
>         0x0010:  40e9 b76d e8ef 0019 a714 7d36 6674 b5e2  @..m......}6ft..
>         0x0020:  5018 ffff aa17 0000 808c 0103 0100 6300  P.............c.
>         0x0030:  0000 2000 0039 0000 3800 0035 0000 1600  .....9..8..5....
>         0x0040:  0013 0000 0a07 00c0 0000 3300 0032 0000  ..........3..2..
>         0x0050:  2f03 0080 0000 6600 0005 0000 0401 0080  /.....f.........
>         0x0060:  0800 8000 0063 0000 6200 0061 0000 1500  .....c..b..a....
>         0x0070:  0012 0000 0906 0040 0000 6500 0064 0000  .......@..e..d..
>         0x0080:  6000 0014 0000 1100 0008 0000 0604 0080  `...............
>         0x0090:  0000 0302 0080 a6a3 3dcd 03c8 5411 ea55  ........=...T..U
>         0x00a0:  f2c7 b618 88dd 5790 28f8 51f9 93c5 38f5  ......W.(.Q...8.
>         0x00b0:  1df6 4011 5757                           ..@.WW
> 14:07:04.306017 IP 64.233.183.109.25 > 82.208.205.163.59631: P 82:129(47) ack 153 win 5720
>         0x0000:  4510 0057 c387 0000 3206 ac3f 40e9 b76d  E..W....2..?@..m
>         0x0010:  52d0 cda3 0019 e8ef 6674 b5e2 a714 7dc4  R.......ft....}.
>         0x0020:  5018 1658 4026 0000 3530 3220 352e 352e  P..X@&..502.5.5.
>         0x0030:  3120 556e 7265 636f 676e 697a 6564 2063  1.Unrecognized.c
>         0x0040:  6f6d 6d61 6e64 207a 3733 736d 3233 3930  ommand.z73sm2390
>         0x0050:  3536 6e66 620d 0a                        56nfb..

"502 5.5.1 Unrecognized command z73sm239056nfb" + CRLF

(looks like openssl has tried to start a TLS session anyway)

> 14:07:04.307248 IP 82.208.205.163.59631 > 64.233.183.109.25: F 153:153(0) ack 129 win 65535
>         0x0000:  4500 0028 63d4 4000 4006 be31 52d0 cda3  E..(c.@.@..1R...
>         0x0010:  40e9 b76d e8ef 0019 a714 7dc4 6674 b611  @..m......}.ft..
>         0x0020:  5011 ffff 6ca1 0000                      P...l...
> 14:07:04.476178 IP 64.233.183.109.25 > 82.208.205.163.59631: F 129:129(0) ack 154 win 5720
>         0x0000:  4510 0028 c388 0000 3206 ac6d 40e9 b76d  E..(....2..m@..m
>         0x0010:  52d0 cda3 0019 e8ef 6674 b611 a714 7dc5  R.......ft....}.
>         0x0020:  5011 1658 5648 0000                      P..XVH..
> 14:07:04.476571 IP 82.208.205.163.59631 > 64.233.183.109.25: . ack 130 win 943
>         0x0000:  4500 0028 63d5 4000 4006 be30 52d0 cda3  E..(c.@.@..0R...
>         0x0010:  40e9 b76d e8ef 0019 a714 7dc5 6674 b612  @..m......}.ft..
>         0x0020:  5010 03af 68f1 0000                      P...h...
>
> 12 packets captured
> 18 packets received by filter
> 0 packets dropped by kernel
>
>
> --
> FreeB(eer)S(ex)D(rugs) are the real daemons!!!
>
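
Reading the hex column as described in the message can be automated. The following is an added example, not part of the original message: Python that rebuilds the TCP payload from `tcpdump -X` rows (quoted or not) and labels it as an SMTP text line or an SSLv2-format ClientHello. The function names are hypothetical, the two packets are copied from the capture quoted above, and the ClientHello reading of the 142-byte packet is this example's interpretation of those bytes.

```python
import re

ROW = re.compile(r"^[> \t]*0x[0-9a-f]{4}:[ \t]+(.*)$", re.M)  # one hex row
GROUP = re.compile(r"[0-9a-f]{2}(?:[0-9a-f]{2})?")   # "4500" or a trailing "0a"

def tcp_payload(dump):
    """Rebuild the TCP payload from the hex column of `tcpdump -X` rows."""
    raw = bytearray()
    for m in ROW.finditer(dump):
        for tok in m.group(1).split()[:8]:     # a row holds at most 8 groups
            if not GROUP.fullmatch(tok):
                break                          # reached the ASCII column
            raw += bytes.fromhex(tok)
    if len(raw) < 40 or raw[0] >> 4 != 4:
        raise ValueError("not a complete IPv4/TCP packet")
    total = int.from_bytes(raw[2:4], "big")    # IPv4 total length
    ihl = (raw[0] & 0x0F) * 4                  # IPv4 header length
    doff = (raw[ihl + 12] >> 4) * 4            # TCP header length
    return bytes(raw[ihl + doff:total])

def classify(payload):
    # SSLv2 record: high bit set in a 2-byte length, then message type 1.
    if len(payload) >= 5 and payload[0] & 0x80 and payload[2] == 0x01:
        if int.from_bytes(payload[:2], "big") & 0x7FFF == len(payload) - 2:
            return "ClientHello (SSLv2 record format), version %d.%d" % tuple(payload[3:5])
    return payload.decode("ascii", "replace").rstrip("\r\n")

# Rows copied from the capture quoted in the message above.
STARTTLS_PKT = """\
0x0000: 4500 0032 63d2 4000 4006 be29 52d0 cda3 E..2c.@.@..)R...
0x0010: 40e9 b76d e8ef 0019 a714 7d2c 6674 b5b8 @..m......},ft..
0x0020: 5018 ffff 2b29 0000 5354 4152 5454 4c53 P...+)..STARTTLS
0x0030: 0d0a .."""
CLIENT_HELLO_PKT = """\
0x0000: 4500 00b6 63d3 4000 4006 bda4 52d0 cda3 E...c.@.@...R...
0x0010: 40e9 b76d e8ef 0019 a714 7d36 6674 b5e2 @..m......}6ft..
0x0020: 5018 ffff aa17 0000 808c 0103 0100 6300 P.............c.
0x0030: 0000 2000 0039 0000 3800 0035 0000 1600 .....9..8..5....
0x0040: 0013 0000 0a07 00c0 0000 3300 0032 0000 ..........3..2..
0x0050: 2f03 0080 0000 6600 0005 0000 0401 0080 /.....f.........
0x0060: 0800 8000 0063 0000 6200 0061 0000 1500 .....c..b..a....
0x0070: 0012 0000 0906 0040 0000 6500 0064 0000 .......@..e..d..
0x0080: 6000 0014 0000 1100 0008 0000 0604 0080 `...............
0x0090: 0000 0302 0080 a6a3 3dcd 03c8 5411 ea55 ........=...T..U
0x00a0: f2c7 b618 88dd 5790 28f8 51f9 93c5 38f5 ......W.(.Q...8.
0x00b0: 1df6 4011 5757 ..@.WW"""

for pkt in (STARTTLS_PKT, CLIENT_HELLO_PKT):
    print(classify(tcp_payload(pkt)))
```

The payload is cut at the IPv4 total-length field, so a short final row whose ASCII column happens to look like hex cannot add stray bytes.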