> > I took a closer look at this second TCP session with tethereal. > > > > Here is it: > > > > 10.1.0.57 is the client, 10.1.0.3 is the server > > > > 41 6.488846 10.1.0.57 -> 10.1.0.3 TCP 33041 > 389 [SYN] > > Seq=2664529133 Ack=0 Win=5840 Len=0 42 6.489711 10.1.0.3 -> 10.1.0.57 > > TCP 389 > 33041 [SYN, ACK] Seq=3888408187 Ack=2664529134 Win=16384 Len=0 > > 43 6.489753 10.1.0.57 -> 10.1.0.3 TCP 33041 > 389 [ACK] > > Seq=2664529134 Ack=3888408188 Win=5840 Len=0 44 6.491937 10.1.0.57 -> > > 10.1.0.3 LDAP MsgId=1 MsgType=Extended Request 45 6.495114 > > 10.1.0.3 -> 10.1.0.57 LDAP MsgId=1 MsgType=Bad message type (24) 46 > > 6.495155 10.1.0.57 -> 10.1.0.3 TCP 33041 > 389 [ACK] Seq=2664529165 > > Ack=3888408202 Win=5840 Len=0 47 6.495470 10.1.0.57 -> 10.1.0.3 > > LDAP Invalid LDAP packet 48 6.497238 10.1.0.3 -> 10.1.0.57 TCP 389 > > > 33041 [FIN, ACK] Seq=3888408202 Ack=2664529289 Win=17396 Len=0 50 > > 6.529037 10.1.0.57 -> 10.1.0.3 TCP 33041 > 389 [ACK] Seq=2664529289 > > Ack=3888408203 Win=5840 Len=0 >
> yet your tethereal output is interlaced with some LDAP > debugging messages, one is the server sending a "Bad message type" message to > the client and the client sending a "LDAP Invalid LDAP packet" message back > to the server?? How is it possible that LDAP messages are being exchanged > when the second ssldump output doesn't show *any* payload moving across the > wire? I really appreciate you taking the time to look at this. I can't say 100%, but I suspect that tethreal is *trying* to interpert/decode everything on TCP port 389 as LDAP. What it sees though is the SSL/TLS handshake/data and so it spews meaningless LDAP protocol errors. Dax Kelson ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]