On Monday, May 11, 2020 at 06:24:52 +0200, Matthias Apitz wrote:

> Ah, yes. As this is just a dev host only, I set 'chmod 4755 /usr/bin/lsof'
> and now I see, the connecting client is one of our Java tools and I can
> look at the problem from this side.
> 

Knowing which Java process is causing it, I'm able to simply
reproduce the message and, knowing the 4-tuple of the TCP connection, to
identify the exchange in a capture with TCPDUMP sniffing on localhost
port 5432.

Below is the exchange. The visible strings are: 'sisis' (the PG user),
'sisis123' (its password in PG, a dummy password used for testing) and
'srap32dxr1' the hostname. The server is terminating the connection with
an F-pkg:

19:54:02.940205 IP 10.23.33.19.48438 > 10.23.33.19.5432: Flags [S], seq 3950072774, win 43690, options [mss 65495,sackOK,TS val 3334863612 ecr 0,nop,wscale 7], length 0
        0x0000:  4500 003c e98b 4000 4006 fadc 0a17 2113  E..<..@.@.....!.
        0x0010:  0a17 2113 bd36 1538 eb71 53c6 0000 0000  ..!..6.8.qS.....
        0x0020:  a002 aaaa 5682 0000 0204 ffd7 0402 080a  ....V...........
        0x0030:  c6c5 fafc 0000 0000 0103 0307            ............
19:54:02.940217 IP 10.23.33.19.5432 > 10.23.33.19.48438: Flags [S.], seq 749639996, ack 3950072775, win 43690, options [mss 65495,sackOK,TS val 3334863612 ecr 3334863612,nop,wscale 7], length 0
        0x0000:  4500 003c 0000 4000 4006 e468 0a17 2113  E..<..@.@..h..!.
        0x0010:  0a17 2113 1538 bd36 2cae 993c eb71 53c7  ..!..8.6,..<.qS.
        0x0020:  a012 aaaa 5682 0000 0204 ffd7 0402 080a  ....V...........
        0x0030:  c6c5 fafc c6c5 fafc 0103 0307            ............
19:54:02.940226 IP 10.23.33.19.48438 > 10.23.33.19.5432: Flags [.], ack 1, win 342, options [nop,nop,TS val 3334863612 ecr 3334863612], length 0
        0x0000:  4500 0034 e98c 4000 4006 fae3 0a17 2113  E..4..@.@.....!.
        0x0010:  0a17 2113 bd36 1538 eb71 53c7 2cae 993d  ..!..6.8.qS.,..=
        0x0020:  8010 0156 567a 0000 0101 080a c6c5 fafc  ...VVz..........
        0x0030:  c6c5 fafc                                ....
19:54:02.948877 IP 10.23.33.19.48438 > 10.23.33.19.5432: Flags [P.], seq 1:513, ack 1, win 342, options [nop,nop,TS val 3334863621 ecr 3334863612], length 512
        0x0000:  4500 0234 e98d 4000 4006 f8e2 0a17 2113  E..4..@.@.....!.
        0x0010:  0a17 2113 bd36 1538 eb71 53c7 2cae 993d  ..!..6.8.qS.,..=
        0x0020:  8018 0156 587a 0000 0101 080a c6c5 fb05  ...VXz..........
        0x0030:  c6c5 fafc 0200 0200 0000 0000 7372 6170  ............srap
        0x0040:  3332 6478 7231 0000 0000 0000 0000 0000  32dxr1..........
        0x0050:  0000 0000 0000 0000 0000 0a73 6973 6973  ...........sisis
        0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0070:  0000 0000 0000 0000 0005 7369 7369 7331  ..........sisis1
        0x0080:  3233 0000 0000 0000 0000 0000 0000 0000  23..............
        0x0090:  0000 0000 0000 0000 0800 0000 0000 0000  ................
        0x00a0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00b0:  0000 0000 0000 0001 0200 0604 0801 0000  ................
        0x00c0:  0000 0002 0000 0000 0000 0000 0000 0000  ................
        0x00d0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00e0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00f0:  0000                                     ..
19:54:02.948886 IP 10.23.33.19.5432 > 10.23.33.19.48438: Flags [.], ack 513, win 350, options [nop,nop,TS val 3334863621 ecr 3334863621], length 0
        0x0000:  4500 0034 6004 4000 4006 846c 0a17 2113  E..4`.@.@..l..!.
        0x0010:  0a17 2113 1538 bd36 2cae 993d eb71 55c7  ..!..8.6,..=.qU.
        0x0020:  8010 015e 567a 0000 0101 080a c6c5 fb05  ...^Vz..........
        0x0030:  c6c5 fb05                                ....
19:54:02.948970 IP 10.23.33.19.48438 > 10.23.33.19.5432: Flags [P.], seq 513:612, ack 1, win 342, options [nop,nop,TS val 3334863621 ecr 3334863621], length 99
        0x0000:  4500 0097 e98e 4000 4006 fa7e 0a17 2113  E.....@.@..~..!.
        0x0010:  0a17 2113 bd36 1538 eb71 55c7 2cae 993d  ..!..6.8.qU.,..=
        0x0020:  8018 0156 56dd 0000 0101 080a c6c5 fb05  ...VV...........
        0x0030:  c6c5 fb05 0201 0063 0000 0000 0000 0000  .......c........
        0x0040:  0000 0600 0000 0000 0800 0000 0000 0000  ................
        0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0070:  0135 3132 0000 0003 0000 0000 e200 1801  .512............
        0x0080:  0c07 cdff 85ee ef65 7fff ffff d602 0800  .......e........
        0x0090:  0680 0648 0000 00                        ...H...
19:54:02.948974 IP 10.23.33.19.5432 > 10.23.33.19.48438: Flags [.], ack 612, win 350, options [nop,nop,TS val 3334863621 ecr 3334863621], length 0
        0x0000:  4500 0034 6005 4000 4006 846b 0a17 2113  E..4`.@.@..k..!.
        0x0010:  0a17 2113 1538 bd36 2cae 993d eb71 562a  ..!..8.6,..=.qV*
        0x0020:  8010 015e 567a 0000 0101 080a c6c5 fb05  ...^Vz..........
        0x0030:  c6c5 fb05                                ....
19:54:04.176794 IP 10.23.33.19.5432 > 10.23.33.19.48438: Flags [F.], seq 1, ack 612, win 350, options [nop,nop,TS val 3334864848 ecr 3334863621], length 0
        0x0000:  4500 0034 6006 4000 4006 846a 0a17 2113  E..4`.@.@..j..!.
        0x0010:  0a17 2113 1538 bd36 2cae 993d eb71 562a  ..!..8.6,..=.qV*
        0x0020:  8011 015e 567a 0000 0101 080a c6c5 ffd0  ...^Vz..........
        0x0030:  c6c5 fb05                                ....
19:54:04.176861 IP 10.23.33.19.48438 > 10.23.33.19.5432: Flags [.], ack 2, win 342, options [nop,nop,TS val 3334864849 ecr 3334864848], length 0
        0x0000:  4500 0034 e98f 4000 4006 fae0 0a17 2113  E..4..@.@.....!.
        0x0010:  0a17 2113 bd36 1538 eb71 562a 2cae 993e  ..!..6.8.qV*,..>
        0x0020:  8010 0156 567a 0000 0101 080a c6c5 ffd1  ...VVz..........
        0x0030:  c6c5 ffd0                                ....
19:54:04.177085 IP 10.23.33.19.48438 > 10.23.33.19.5432: Flags [F.], seq 612, ack 2, win 342, options [nop,nop,TS val 3334864849 ecr 3334864848], length 0
        0x0000:  4500 0034 e990 4000 4006 fadf 0a17 2113  E..4..@.@.....!.
        0x0010:  0a17 2113 bd36 1538 eb71 562a 2cae 993e  ..!..6.8.qV*,..>
        0x0020:  8011 0156 567a 0000 0101 080a c6c5 ffd1  ...VVz..........
        0x0030:  c6c5 ffd0                                ....
19:54:04.177096 IP 10.23.33.19.5432 > 10.23.33.19.48438: Flags [.], ack 613, win 350, options [nop,nop,TS val 3334864849 ecr 3334864849], length 0
        0x0000:  4500 0034 0000 4000 4006 e470 0a17 2113  E..4..@.@..p..!.
        0x0010:  0a17 2113 1538 bd36 2cae 993e eb71 562b  ..!..8.6,..>.qV+
        0x0020:  8010 015e b7e3 0000 0101 080a c6c5 ffd1  ...^............
        0x0030:  c6c5 ffd1                                ....


-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
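
As an added example (not part of the original message): the sketch below reads the first bytes of the 512-byte client packet the way a PostgreSQL server reads a startup packet, then extracts the three cleartext strings named in the message and shows a length-preserving redaction for sharing such a capture. The field layout (an 8-byte header, then 30-byte NUL-padded fields each followed by a one-byte length) is inferred from the dump offsets and resembles a TDS login record, which is an assumption; the function names are hypothetical.

```python
import struct

# First 101 payload bytes of the 512-byte client packet, transcribed from the
# dump above (IP packet offsets 0x34-0x98). Layout inferred from those offsets.
PAYLOAD = bytes.fromhex(
    "0200020000000000"                           # 8 bytes preceding the strings
    + "73726170333264787231" + "00" * 20 + "0a"  # 'srap32dxr1', padded to 30, len 10
    + "7369736973" + "00" * 25 + "05"            # 'sisis', padded to 30, len 5
    + "7369736973313233" + "00" * 22 + "08"      # 'sisis123', padded to 30, len 8
)

PG_V3 = 196608                                   # protocol 3.0 (0x00030000)
PG_SPECIAL = {80877102: "CancelRequest", 80877103: "SSLRequest", 80877104: "GSSENCRequest"}
MAX_STARTUP = 10000                              # PostgreSQL MAX_STARTUP_PACKET_LENGTH


def classify_first_bytes(payload):
    """Read the first 8 bytes the way a PostgreSQL server reads a startup packet."""
    if len(payload) < 8:
        return "too short"
    length, code = struct.unpack("!II", payload[:8])  # Int32 length, Int32 code
    if not 8 <= length <= MAX_STARTUP:
        return f"invalid startup length {length}"
    if code in PG_SPECIAL:
        return PG_SPECIAL[code]
    if code == PG_V3:
        return "StartupMessage 3.0"
    return f"unsupported protocol code {code}"


def fixed_fields(payload, start=8, width=30, count=3):
    """Decode `count` NUL-padded fields of `width` bytes, each followed by a length byte."""
    fields = []
    for i in range(count):
        off = start + i * (width + 1)
        n = payload[off + width]                 # one-byte length after the field
        if n > width:
            raise ValueError(f"field {i}: length byte {n} exceeds width {width}")
        fields.append(payload[off:off + n].decode("ascii", "replace"))
    return fields


def redact_field(payload, index, start=8, width=30):
    """Return a copy with one field's bytes replaced by 'x', keeping its length."""
    off = start + index * (width + 1)
    n = payload[off + width]
    return payload[:off] + b"x" * n + payload[off + n:]

if __name__ == "__main__":
    print(classify_first_bytes(PAYLOAD), fixed_fields(redact_field(PAYLOAD, 2)))
```
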

