[vpn-help] Updated package and problem reports

Peter Eisch peter at boku.net
Wed Aug 16 20:14:23 CDT 2006 

In the Trace app, is there a way to get (hex-coded) the packet that you're
getting from OS/application?  If not the whole packet, is there a way to at
least get the packet headers?  I have the problem down to one packet.  I can
see the encoded logging of the packet, I can verify that the encoded packet
is on the wire, I can verify the receipt of the encoded packet and I can see
the decoded packet as it is put on the wire.  I cannot tell from the trace
app (with everything selected) what is getting handed off.

This would help identify, indemnify if you will, what is happening.

eg:

ii : - address 207.46.18.94 to network 0.0.0.0/0.0.0.0, match
DB : phase2 sa found
FF : fragmenting offset = 0, fragsize = 478
== : esp hmac ( computed ) ( 12 bytes ) =
0x : a1bf3609 62672378 62f2dd8c
-> : send NAT-T:ESP packet to 66.162.50.84 ( 476 bytes ) =
0x : 0f871ab9 0000000d 61cdd11e 9d9c1672 fbbeeb33 49a044f8 f9a03db8 9f835400
0x : 43f38ac0 bd5fd30d 21d810c3 aa2043a9 2e5160c3 6d5f647f 902ebfea bd7e8dba
0x : a8d4d7b6 b6450631 e26f5e4b 2c7a0a75 54abeb49 3304607e bfdb225d 8c204ba7
0x : baa712d5 2b36e57b f486ae99 1c9d7a00 556c46e1 ac11ee6a 711c29fa d9008514
0x : f30d4bea e015b6a8 f725c752 91a7f3a0 984afae0 065ec92f 5da941ad 19757c09
0x : 266a5e34 a7f85400 35f1bf15 b5217068 8608ba70 425b32bf 642d818c 2d030735
0x : 7a4c9899 27bb56f2 8c2d230c 05da12a1 ff3a8742 d30db009 c37a5d70 9274bbf2
0x : d6952036 5ac32755 b009fba7 e96e96af 93819c33 c0abb0f5 e88d0013 f1332327
0x : 1a77ecb0 aee0b184 b845a532 e8f9e4fb c36b9120 794b9cc9 60f4974b 2afc59b4
0x : c3ffc42f 286d2e40 722d0817 d48aee0f 2ac5473d b7e9fbf1 4945e697 84b6e55e
0x : 176f7196 1bce13b8 8ead827e 706e9cef a24621e9 b52b2d76 53b489f4 7e209527
0x : 935b8987 f8a42d40 db85ce6f df959e8a 09380c95 253335fb b5bd4407 f0996992
0x : f4f0acc8 09087216 d7e6d2be 0a8e47f5 9e74c75b 8908c045 695fb85e 96135752
0x : f4bd5010 725cfa53 40714aed 350b4448 a016096e b1860dac 4ddd33b2 024b05bb
0x : b71a6e64 2c9e78a9 52de873e b8804718 a1bf3609 62672378 62f2dd8c
FF : fragmenting offset = 424, fragsize = 478

(upstream router)
19:15:58.979221 IP (tos 0x0, ttl  62, id 58136, offset 0, flags [none],
length: 504) 204.130.132.2.14845 > 66.162.50.84.4500: [udp sum ok] UDP,
length: 476
        0x0000:  4500 01f8 e318 0000 3e11 d261 cc82 8402  E.......>..a....
        0x0010:  42a2 3254 39fd 1194 01e4 4a84 0f87 1ab9  B.2T9.....J.....
        0x0020:  0000 000d 61cd d11e 9d9c 1672 fbbe eb33  ....a......r...3
        0x0030:  49a0 44f8 f9a0 3db8 9f83 5400 43f3 8ac0  I.D...=...T.C...
        0x0040:  bd5f d30d 21d8 10c3 aa20 43a9 2e51 60c3  ._..!.....C..Q`.
        0x0050:  6d5f 647f 902e bfea bd7e 8dba a8d4 d7b6  m_d......~......
        0x0060:  b645 0631 e26f 5e4b 2c7a 0a75 54ab eb49  .E.1.o^K,z.uT..I
        0x0070:  3304 607e bfdb 225d 8c20 4ba7 baa7 12d5  3.`~.."]..K.....
        0x0080:  2b36 e57b f486 ae99 1c9d 7a00 556c 46e1  +6.{......z.UlF.
        0x0090:  ac11 ee6a 711c 29fa d900 8514 f30d 4bea  ...jq.).......K.
        0x00a0:  e015 b6a8 f725 c752 91a7 f3a0 984a fae0  .....%.R.....J..
        0x00b0:  065e c92f 5da9 41ad 1975 7c09 266a 5e34  .^./].A..u|.&j^4
        0x00c0:  a7f8 5400 35f1 bf15 b521 7068 8608 ba70  ..T.5....!ph...p
        0x00d0:  425b 32bf 642d 818c 2d03 0735 7a4c 9899  B[2.d-..-..5zL..
        0x00e0:  27bb 56f2 8c2d 230c 05da 12a1 ff3a 8742  '.V..-#......:.B
        0x00f0:  d30d b009 c37a 5d70 9274 bbf2 d695 2036  .....z]p.t.....6
        0x0100:  5ac3 2755 b009 fba7 e96e 96af 9381 9c33  Z.'U.....n.....3
        0x0110:  c0ab b0f5 e88d 0013 f133 2327 1a77 ecb0  .........3#'.w..
        0x0120:  aee0 b184 b845 a532 e8f9 e4fb c36b 9120  .....E.2.....k..
        0x0130:  794b 9cc9 60f4 974b 2afc 59b4 c3ff c42f  yK..`..K*.Y..../
        0x0140:  286d 2e40 722d 0817 d48a ee0f 2ac5 473d  (m. at r-......*.G=
        0x0150:  b7e9 fbf1 4945 e697 84b6 e55e 176f 7196  ....IE.....^.oq.
        0x0160:  1bce 13b8 8ead 827e 706e 9cef a246 21e9  .......~pn...F!.
        0x0170:  b52b 2d76 53b4 89f4 7e20 9527 935b 8987  .+-vS...~..'.[..
        0x0180:  f8a4 2d40 db85 ce6f df95 9e8a 0938 0c95  ..- at ...o.....8..
        0x0190:  2533 35fb b5bd 4407 f099 6992 f4f0 acc8  %35...D...i.....
        0x01a0:  0908 7216 d7e6 d2be 0a8e 47f5 9e74 c75b  ..r.......G..t.[
        0x01b0:  8908 c045 695f b85e 9613 5752 f4bd 5010  ...Ei_.^..WR..P.
        0x01c0:  725c fa53 4071 4aed 350b 4448 a016 096e  r\.S at qJ.5.DH...n
        0x01d0:  b186 0dac 4ddd 33b2 024b 05bb b71a 6e64  ....M.3..K....nd
        0x01e0:  2c9e 78a9 52de 873e b880 4718 a1bf 3609  ,.x.R..>..G...6.
        0x01f0:  6267 2378 62f2 dd8c                      bg#xb...

(vpn concentrator forwarding the packet)
19:15:59.081875 IP (tos 0x0, ttl  63, id 29122, offset 0, flags [+], length:
444) 10.1.101.27.10357 > 207.46.18.94.80: P [bad tcp cksum 2cc1 (->2485)!]
392:796(404) ack 370 win 16191
        0x0000:  4500 01bc 71c2 2000 3f06 97d1 0a01 651b  E...q...?.....e.
        0x0010:  cf2e 125e 2875 0050 9198 3d9d 41ad dacf  ...^(u.P..=.A...
        0x0020:  5018 3f3f 2cc1 0000 4745 5420 2f72 6564  P.??,...GET./red
        0x0030:  6972 6563 742e 6a73 2048 5454 502f 312e  irect.js.HTTP/1.
        0x0040:  310d 0a41 6363 6570 743a 202a 2f2a 0d0a  1..Accept:.*/*..
        0x0050:  5265 6665 7265 723a 2068 7474 703a 2f2f  Referer:.http://
        0x0060:  7769 6e64 6f77 7375 7064 6174 652e 6d69  windowsupdate.mi
        0x0070:  6372 6f73 6f66 742e 636f 6d2f 0d0a 4163  crosoft.com/..Ac
        0x0080:  6365 7074 2d4c 616e 6775 6167 653a 2065  cept-Language:.e
        0x0090:  6e2d 7573 0d0a 4163 6365 7074 2d45 6e63  n-us..Accept-Enc
        0x00a0:  6f64 696e 673a 2067 7a69 702c 2064 6566  oding:.gzip,.def
        0x00b0:  6c61 7465 0d0a 4966 2d4d 6f64 6966 6965  late..If-Modifie
        0x00c0:  642d 5369 6e63 653a 2057 6564 2c20 3033  d-Since:.Wed,.03
        0x00d0:  204d 6179 2032 3030 3620 3136 3a32 393a  .May.2006.16:29:
        0x00e0:  3538 2047 4d54 3b20 6c65 6e67 7468 3d31  58.GMT;.length=1
        0x00f0:  3237 3031 0d0a 5573 6572 2d41 6765 6e74  2701..User-Agent
        0x0100:  3a20 4d6f 7a69 6c6c 612f 342e 3020 2863  :.Mozilla/4.0.(c
        0x0110:  6f6d 7061 7469 626c 653b 204d 5349 4520  ompatible;.MSIE.
        0x0120:  362e 303b 2057 696e 646f 7773 204e 5420  6.0;.Windows.NT.
        0x0130:  352e 313b 2053 5631 3b20 2e4e 4554 2043  5.1;.SV1;..NET.C
        0x0140:  4c52 2031 2e31 2e34 3332 323b 202e 4e45  LR.1.1.4322;..NE
        0x0150:  5420 434c 5220 322e 302e 3530 3732 3729  T.CLR.2.0.50727)
        0x0160:  0d0a 486f 7374 3a20 7769 6e64 6f77 7375  ..Host:.windowsu
        0x0170:  7064 6174 652e 6d69 6372 6f73 6f66 742e  pdate.microsoft.
        0x0180:  636f 6d0d 0a43 6f6e 6e65 6374 696f 6e3a  com..Connection:
        0x0190:  204b 6565 702d 416c 6976 650d 0a43 6f6f  .Keep-Alive..Coo
        0x01a0:  6b69 653a 204d 4331 3d47 5549 443d 6361  kie:.MC1=GUID=ca
        0x01b0:  3861 6362 3630 6237 6338 6335            8acb60b7c8c5

More information about the vpn-help mailing list