PROJECTS: KERBEROS

Page last modified Fri Mar 11 15:02:29 2005

Kerberos tcpdumps

A working Heimdal on 5.x to Heimdal on 5.x rsh connection:

[root@thoth ~]# tcpdump -n host backforty and port not 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tl0, link-type EN10MB (Ethernet), capture size 96 bytes
14:55:54.738389 IP 192.168.23.42.56713 > 192.168.23.1.544: S 3259212536:3259212536(0) win 65535 
14:55:54.738505 IP 192.168.23.1.544 > 192.168.23.42.56713: S 1804635403:1804635403(0) ack 3259212537 win 65535 
14:55:54.738646 IP 192.168.23.42.56713 > 192.168.23.1.544: . ack 1 win 33304 
14:55:54.738811 IP 192.168.23.42.56713 > 192.168.23.1.544: P 1:7(6) ack 1 win 33304 
14:55:54.757475 IP 192.168.23.1.643 > 192.168.23.42.59507: S 1595998504:1595998504(0) win 65535 
14:55:54.757609 IP 192.168.23.42.59507 > 192.168.23.1.643: S 2041858936:2041858936(0) ack 1595998505 win 65535 
14:55:54.757753 IP 192.168.23.1.643 > 192.168.23.42.59507: . ack 1 win 33304 
14:55:54.838709 IP 192.168.23.1.544 > 192.168.23.42.56713: . ack 7 win 33304 
14:55:54.838840 IP 192.168.23.42.56713 > 192.168.23.1.544: P 7:43(36) ack 1 win 33304 
14:55:54.842102 IP 192.168.23.1.544 > 192.168.23.42.56713: P 1:2(1) ack 43 win 33304 
14:55:54.844370 IP 192.168.23.42.56713 > 192.168.23.1.544: P 43:47(4) ack 2 win 33304 
14:55:54.943689 IP 192.168.23.1.544 > 192.168.23.42.56713: . ack 47 win 33304 
14:55:54.943920 IP 192.168.23.42.56713 > 192.168.23.1.544: P 47:625(578) ack 2 win 33304 
14:55:54.946277 IP 192.168.23.1.544 > 192.168.23.42.56713: P 2:6(4) ack 625 win 33304 
14:55:55.045897 IP 192.168.23.42.56713 > 192.168.23.1.544: . ack 6 win 33304 
14:55:55.046019 IP 192.168.23.1.544 > 192.168.23.42.56713: P 6:97(91) ack 625 win 33304 
14:55:55.046434 IP 192.168.23.42.56713 > 192.168.23.1.544: P 625:633(8) ack 97 win 33304 
14:55:55.145687 IP 192.168.23.1.544 > 192.168.23.42.56713: . ack 633 win 33304 
14:55:55.145805 IP 192.168.23.42.56713 > 192.168.23.1.544: P 633:655(22) ack 97 win 33304 
14:55:55.178460 IP 192.168.23.1.544 > 192.168.23.42.56713: P 97:98(1) ack 655 win 33304 
14:55:55.277847 IP 192.168.23.42.56713 > 192.168.23.1.544: . ack 98 win 33304 
14:55:55.753843 IP 192.168.23.1.544 > 192.168.23.42.56713: P 98:102(4) ack 655 win 33304 
14:55:55.754480 IP 192.168.23.1.643 > 192.168.23.42.59507: F 1:1(0) ack 1 win 33304 
14:55:55.754594 IP 192.168.23.42.59507 > 192.168.23.1.643: . ack 2 win 33304 
14:55:55.755108 IP 192.168.23.1.544 > 192.168.23.42.56713: FP 102:202(100) ack 655 win 33304 
14:55:55.755242 IP 192.168.23.42.56713 > 192.168.23.1.544: . ack 203 win 33254 
14:55:55.755403 IP 192.168.23.42.56713 > 192.168.23.1.544: F 655:655(0) ack 203 win 33304 
14:55:55.755412 IP 192.168.23.42.59507 > 192.168.23.1.643: F 1:1(0) ack 2 win 33304 
14:55:55.755500 IP 192.168.23.1.544 > 192.168.23.42.56713: . ack 656 win 33303 
14:55:55.755601 IP 192.168.23.1.643 > 192.168.23.42.59507: . ack 2 win 33303 

A non-working MIT on 5.x to MIT on 4.x rsh connection:

[root@athena ~]# tcpdump -n host backforty and port not 23
tcpdump: listening on bge0
15:01:31.345533 192.168.23.42.55596 > 192.168.23.3.6667: P 2667953609:2667953638(29) ack 3112369545 win 33304  (DF)
15:01:31.442049 192.168.23.3.6667 > 192.168.23.42.55596: . ack 29 win 32942  (DF)
15:01:31.472139 192.168.23.3.6667 > 192.168.23.42.55596: P 1:78(77) ack 29 win 32942  (DF)
15:01:31.571275 192.168.23.42.55596 > 192.168.23.3.6667: . ack 78 win 33304  (DF)
15:01:33.451772 192.168.23.42.51961 > 192.168.23.3.53:  30318+ A? athena.seekingfire.prv. (40)
15:01:33.452266 192.168.23.3.53 > 192.168.23.42.51961:  30318* 1/1/0 A[|domain]
15:01:33.452505 192.168.23.42.62790 > 192.168.23.3.53:  30319+ AAAA? athena.seekingfire.prv. (40)
15:01:33.453481 192.168.23.3.53 > 192.168.23.42.62790:  30319* 0/1/0 (81)
15:01:33.454033 192.168.23.42.64809 > 192.168.23.3.544: S 1703590101:1703590101(0) win 65535  (DF)
15:01:33.454111 192.168.23.3.544 > 192.168.23.42.64809: S 1058307306:1058307306(0) ack 1703590102 win 65535  (DF)
15:01:33.454226 192.168.23.42.64809 > 192.168.23.3.544: . ack 1 win 33304  (DF)
15:01:33.454310 192.168.23.3.544 > 192.168.23.42.64809: . ack 1 win 32942  (DF)
15:01:33.454987 192.168.23.42.64544 > 192.168.23.3.53:  30320+ A? athena.seekingfire.prv. (40)
15:01:33.455459 192.168.23.3.53 > 192.168.23.42.64544:  30320* 1/1/0 A[|domain]
15:01:33.456473 192.168.23.42.59585 > 192.168.23.3.53:  30321+ A? athena.seekingfire.prv. (40)
15:01:33.456976 192.168.23.3.53 > 192.168.23.42.59585:  30321* 1/1/0 A[|domain]
15:01:33.457744 192.168.23.42.55270 > 192.168.23.3.53:  30322+ PTR? 3.23.168.192.in-addr.arpa. (43)
15:01:33.458176 192.168.23.3.53 > 192.168.23.42.55270:  30322* 1/1/1 (109)
15:01:33.458599 192.168.23.42.64809 > 192.168.23.3.544: P 1:7(6) ack 1 win 33304  (DF)
15:01:33.468091 192.168.23.3.2453 > 192.168.23.42.64810: S 2208447322:2208447322(0) win 65535  (DF)
15:01:33.468186 192.168.23.42.64810 > 192.168.23.3.2453: R 0:0(0) ack 2208447323 win 0 (DF)
15:01:33.468981 192.168.23.3.544 > 192.168.23.42.64809: F 1:1(0) ack 7 win 32942  (DF)
15:01:33.469093 192.168.23.42.64809 > 192.168.23.3.544: . ack 2 win 33304  (DF)
15:01:33.469160 192.168.23.42.64809 > 192.168.23.3.544: F 7:7(0) ack 2 win 33304  (DF)
15:01:33.469188 192.168.23.3.544 > 192.168.23.42.64809: . ack 8 win 32942  (DF)
15:01:33.473345 192.168.23.42.64887 > 192.168.23.3.53:  41950+ A? athena.seekingfire.prv. (40)
15:01:33.473793 192.168.23.3.53 > 192.168.23.42.64887:  41950* 1/1/0 A[|domain]
15:01:33.474031 192.168.23.42.61946 > 192.168.23.3.53:  41951+ AAAA? athena.seekingfire.prv. (40)
15:01:33.474297 192.168.23.3.53 > 192.168.23.42.61946:  41951* 0/1/0 (81)
15:01:33.474916 192.168.23.42.605 > 192.168.23.3.514: S 1637037097:1637037097(0) win 65535  (DF)
15:01:33.474963 192.168.23.3.514 > 192.168.23.42.605: R 0:0(0) ack 1637037098 win 0
15:01:34.475731 192.168.23.42.754 > 192.168.23.3.514: S 561837425:561837425(0) win 65535  (DF)
15:01:34.475811 192.168.23.3.514 > 192.168.23.42.754: R 0:0(0) ack 561837426 win 0