I am implementing a server and have an issue with the handshaking. When I get the arp request the response is given ok, then I get the SYN. I respond to the SYN with a SYN ACK but I don't get an ACK back.
The sequence numbers and ack's seem to be in order as well as the id's, the checksums add up aswell to. Any ideas why the SYN ACK is not getting recieved?
Arp Request:
0000 ff ff ff ff ff ff e0 3f 49 b7 8e 39 08 06 00 01
0010 08 00 06 04 00 01 e0 3f 49 b7 8e 39 c0 a8 00 01
0020 00 00 00 00 00 00 c0 a8 00 0c
Arp reply:
0000 ff ff ff ff ff ff 00 14 a5 76 19 3f 08 06 00 01
0010 08 00 06 04 00 02 00 14 a5 76 19 3f c0 a8 00 0c
0020 e0 3f 49 b7 8e 39 e0 3f 49 b7 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00
SYN:
0000 00 14 a5 76 19 3f e0 3f 49 b7 8e 39 08 00 45 00
0010 00 34 1e d2 40 00 80 06 5a 94 c0 a8 00 01 c0 a8
0020 00 0c 13 79 00 50 95 01 61 8e 00 00 00 00 80 02
0030 20 00 c3 59 00 00 02 04 05 b4 01 03 03 08 01 01
0040 04 02
SYN ACK:
0000 e0 3f 49 b7 8e 39 00 14 a5 76 19 3f 08 00 45 00
0010 00 2c 1e d2 40 00 80 06 5a 9c c0 a8 00 0c c0 a8
0020 00 01 00 50 13 79 d6 a2 5f 1b 95 01 61 8f 60 12
0030 05 ee d0 e6 00 00 02 04 05 78 00 00
Related
Has anyone seen (fixed?) a problem with strings of zeroes in audio data captured with the AL5645 codec microphone input on the Coral dev board? It's happening for me with default settings using arecord, as well as my python code using PyAudio. 16 bit (mono) samples, sample rates 16000Hz and 44100Hz. e.g. 83 ce 34 0b 09 3f 00 00 00 00 00 00 2b 0e 2b 0e b0 d0 5a b9 ee d9 00 00 00 00 75 44 75 44 75 44 ba 38 8a ff e6 c6 00 00 00 00 00 e7 00 e7 00 e7 85 26 f4 46 bc 2e
?
Cheers,
Mark
I use Nginx 1.19.6 and OpenSSL 1.1.1i.
But I checked my server support client-initiated secure renegotiation... (https://www.immuniweb.com/ssl/?id=Ek4FSF6C)
I don't know why my server supports client-initiated secure renegotiation.
Check Code:
openssl s_client -connect gjan.info:443 -msg -tls1_2
Result:
---
R
RENEGOTIATING
>>> ??? [length 0005]
16 03 03 00 f6
>>> TLS 1.2, Handshake [length 00de], ClientHello
01 00 00 da 03 03 cb bf ab b8 6f a1 31 14 2d fb
ad 63 aa d2 15 c6 5d fc 8c 19 fc db 4c 7f 5b d8
f1 f1 fd f3 29 fa 00 00 36 c0 2c c0 30 00 9f cc
a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00
6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0
13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 01
00 00 7b ff 01 00 0d 0c 1b a5 84 2c 92 28 da 6e
0c 84 5f c4 00 00 00 0e 00 0c 00 00 09 67 6a 61
6e 2e 69 6e 66 6f 00 0b 00 04 03 00 01 02 00 0a
00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23
00 00 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e
04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b
08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03
03 01 02 01 03 02 02 02 04 02 05 02 06 02
<<< ??? [length 0005]
15 03 03 00 1a
<<< TLS 1.2, Alert [length 0002], warning no_renegotiation
01 64
>>> ??? [length 0005]
15 03 03 00 1a
>>> TLS 1.2, Alert [length 0002], fatal handshake_failure
02 28
547636304368:error:14094153:SSL routines:ssl3_read_bytes:no renegotiation:../ssl/record/rec_layer_s3.c:1560:
Is just ImmuniWeb error or really my web server supported? If supported how can I disable?
It's just immuniweb. Qualys/ssllabs correctly shows
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
The first means the RFC5746 negotiation during handshake works; the second and third mean actual renegotiation initiated by the client fails.
PS: this isn't really a programming question or problem, but as long as others haven't voted to close I won't bother.
It might not be possible to use a setting in nginx to solve this security issue. However, you might refer nginx developers to this answer so they can make proper changes in their codebase. This is NOT just immuniweb as the other answer indicates.
The SSL_OP_NO_RENEGOTIATION option were added in OpenSSL 1.1.1. To make immuniweb give you the same score as we have (A+) you need to set SSL_OP_NO_RENEGOTIATION in order to disable all renegotiation in TLSv1.2 and earlier. This needs to be set where the SSL_CTX is created. You might also need to make additional changes in order to get the wanted scoring.
SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
...
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_RENEGOTIATION);
Source: SSL_CTX_set_options man 1.1.1
I am trying to return hexadecimal string as response from my AWS Lambda function. When it reaches to the client the data seems to be modified.
Data :
47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00
ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00
01 00 01 00 00 08 04 00 03 04 04 00 3b
Hexadecimal Excaped Data ( Sent Data ):
\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00"
"\xff\xff\xff\x21\xf9\x04\x01\x00\x00\x01\x00\x2c\x00\x00\x00\x00"
"\x01\x00\x01\x00\x00\x08\x04\x00\x03\x04\x04\x00\x3b
Received Data
47 49 46 38 39 61 01 00 01 00 c2 80 00 00 00 00
00 c3 bf c3 bf c3 bf 21 c3 b9 04 01 00 00 01 00
2c 00 00 00 00 01 00 01 00 00 08 04 00 03 04 04
00 3b
How to fix this?
Last time I checked it was not very explicit in the doc, but API Gateway is really made for json (or similar) and support for binary is 'on the roadmap' but clearly doesn't seem to be a priority. It converts everything it sends to utf-8.
Comparing precisely your original data with the received one you can see it :
47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 08 04 00 03 04 04 00 3b
47 49 46 38 39 61 01 00 01 00 c2 80 00 00 00 00 00 c3 bf c3 bf c3 bf 21 c3 b9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 08 04 00 03 04 04 00 3b
Everything under 0x7f is OK because the unicode code point is the same as the encoded byte (U+0047 -> 47), but for 0x80 or more the problem arises : U+0080 -> c2 80, U+00FF -> c3 bf and so on.
We had a similar problem recently : binary data was corrupted and bigger when sent through Gateway than with direct access to our backend. It was because a lot of bytes get replaced by Unicode special 'replacement character' aka 'U+FFFD' aka '0xEF 0xBF 0xBD'.
How to fix ? We just stopped using Gateway but if you can afford your data to be bigger, you can base64 encode it.
I'm trying to read public transport cards and I've figured out the data format mostly but the record dates and times are a mystery. Some data:
e1 a2 00 00 ce 04 05 b1 7e 00 68 22 0a 10 00 ce - 01.03.2014 23:36
e4 a2 00 00 ce 04 e5 7b 7e 00 e4 2e 0a 10 00 e9 - 04.03.2014 16:31
e4 a2 00 00 4c 04 43 8c d0 07 30 00 01 00 00 72 - 04.03.2014 18:42
e4 a2 00 00 ce 04 65 8d 7e 00 7c 17 0a 10 00 a2 - 04.03.2014 18:51
ea a2 00 00 ce 04 25 63 7e 00 70 09 0a 10 00 f1 - 10.03.2014 13:13
ec a2 00 00 ce 04 25 63 7e 00 70 09 0a 10 00 da - 12.03.2014 13:13
f3 a2 00 00 ce 04 85 69 7e 00 64 3b 0a 10 00 9d - 19.03.2014 14:04
f5 a2 00 00 ce 04 e5 89 7e 00 70 22 0a 10 00 ba - 21.03.2014 18:23
f6 a2 00 00 ce 04 6a 00 82 01 68 22 2a 10 00 df - 22.03.2014 00:03
fb a2 00 00 ce 04 85 75 7e 00 84 17 0a 10 00 2a - 27.03.2014 15:40
fb a2 00 00 ce 04 a5 91 7e 00 78 17 0a 10 00 a6 - 27.03.2014 19:25
c1 a2 28 00 ce 04 0b 6b 00 00 74 17 08 10 04 94 - 28.01.2014 14:16
c7 a2 00 00 ce 04 a5 5d 7e 00 6c 09 0a 10 00 1b - 03.02.2014 12:29
c7 a2 00 00 ce 04 25 6c 7e 00 68 2d 0a 10 00 68 - 03.02.2014 14:25
c7 a2 0e 00 ce 04 eb 6d 00 00 88 17 08 10 04 45 - 03.02.2014 14:39
ce a2 00 00 ce 04 85 52 7e 00 68 09 0a 10 00 77 - 10.02.2014 11:00
ce a2 00 00 ce 04 e5 5c 7e 00 64 09 0a 10 00 58 - 10.02.2014 12:23
eb a2 00 00 ce 04 85 41 7e 00 80 22 0a 10 00 dd - 11.03.2014 08:44
eb a2 00 00 ce 04 85 6a 7e 00 a4 28 0a 10 00 66 - 11.03.2014 14:12
eb a2 20 00 ce 04 8b 6e 00 00 7c 17 08 10 04 e0 - 11.03.2014 14:44
|| || || || ** ** ** ** **
Date? Time?
Stars represent known data (as in I know what those mean and they aren't relevant to date and time)
Provided dates are correct, because they're from usage history printout.
I've tried converting values to unix timestamps, seconds, milliseconds and much more, but I can't determine the format. Also the data might be in little endian.
I'm not sure about possible timezone, data might be in UTC, UTC+2 or UTC+3.
I appreciate any help.
I figured out the format, it goes like this:
All data is in little endian.
To get the time in minutes, the value must be bitsifted to right five times.
For example:
6e8b >> 5 = 884
884 minutes = 14 hours, 44 minutes (14:44)
Date is days from 1.1.1900. For example:
a2eb = 41707 (11.03.2014)
I'm building a server with the ENC28J60 chip and a PIC18F4620. The chip is connected to my PC via ethernet. Currently, I'm trying to set up the TCP connection over which I'll build an HTTP connection later on. I have never worked with TCP before.
I'm implementing TCP on the embedded device only, not on the PC.
After the needed ARP requests and replies are sent, I open up my browser, type the IP address of the chip in and press enter. In wireshark, I see a TCP request1 with the SYN flag is made. I believe the SYN flag indicates a new handshake initiation, so that's good, isn't it?
My chip's reply1 has the SYN and ACK flag enabled. From what I understood, that is the correct way to reply to a SYN-flagged request. The acknowledgement number the chip sends is correct. Now, the chip should get a reply with the ACK flag enabled, according to the same reference.
However, the process seems to start over: the PC sends the exact same packet1 as its first packet, only the 'identification' has changed. I programmed my chip to stop replying when it keeps getting SYN requests on the same socket, so this is the end of the transmission, in the browser I read that the server can't be reached.
This connection is made on four sockets at the same time, all with the same result.
As I'm just using my PC as client (and there's nothing wrong with my ethernet port / driver), the problem must be something with the server and thus with the second packet.
What's wrong with the second packet? Wireshark doesn't mark anything as incorrect, but the client doesn't send an ACK.
1: Here are the packets wireshark picks up:
Client: 3085 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=0 TSecr=0 SACK_PERM=1
0000 00 13 d4 c6 53 16 00 1a a0 03 c7 21 08 00 45 00 ....S... ...!..E.
0010 00 40 de 48 40 00 80 06 9a e1 c0 a8 00 01 c0 a8 .#.H#... ........
0020 00 3c 0c 0d 00 50 88 ab 7e 18 00 00 00 00 b0 02 .<...P.. ~.......
0030 ff ff a1 4f 00 00 02 04 05 b4 01 03 03 03 01 01 ...O.... ........
0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 ........ ......
Server: 80 > 3085 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=8
0000 00 1a a0 03 c7 21 00 13 d4 c6 53 16 08 00 45 00 .....!.. ..S...E.
0010 00 30 88 10 40 00 7f 06 f2 29 c0 a8 00 3c c0 a8 .0..#... .)...<..
0020 00 01 00 50 0c 0d 00 00 00 01 88 ab 7e 19 70 12 ...P.... ....~.p.
0030 ff ff ef 77 00 00 02 04 05 b4 01 03 03 03 ...w.... ......
Client: 3085 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=0 TSecr=0 SACK_PERM=1
0000 00 13 d4 c6 53 16 00 1a a0 03 c7 21 08 00 45 00 ....S... ...!..E.
0010 00 40 de 6f 40 00 80 06 9a ba c0 a8 00 01 c0 a8 .#.o#... ........
0020 00 3c 0c 0d 00 50 88 ab 7e 18 00 00 00 00 b0 02 .<...P.. ~.......
0030 ff ff a1 4f 00 00 02 04 05 b4 01 03 03 03 01 01 ...O.... ........
0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 ........ ......
All this happens similarly with three other client's source ports.
For comparison, I made a request to google.com and here is the TCP stream:
Client: 49562 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
0000 00 1a a0 03 c7 21 08 9e 01 30 ee 69 08 00 45 00 .....!.. .0.i..E.
0010 00 34 32 3f 40 00 80 06 38 ab c0 a8 00 3c 4a 7d .42?#... 8....<J}
0020 84 78 c1 9a 00 50 74 b8 31 9c 00 00 00 00 80 02 .x...Pt. 1.......
0030 20 00 56 f7 00 00 02 04 05 b4 01 03 03 08 01 01 .V..... ........
0040 04 02 ..
Server: 80 > 49562 [SYN, ACK] Seq=0 Ack=1 Win=62920 Len=0 MSS=1430 SACK_PERM=1 WS=64
0000 08 9e 01 30 ee 69 00 1a a0 03 c7 21 08 00 45 00 ...0.i.. ...!..E.
0010 00 34 9e e3 00 00 2e 06 5e 07 4a 7d 84 78 c0 a8 .4...... ^.J}.x..
0020 00 3c 00 50 c1 9a f4 5e 12 bc 74 b8 31 9d 80 12 .<.P...^ ..t.1...
0030 f5 c8 7a 22 00 00 02 04 05 96 01 01 04 02 01 03 ..z".... ........
0040 03 06 ..
Client: 49562 > 80 [ACK] Seq=1 Ack=1 Win=65536 Len=0
0000 00 1a a0 03 c7 21 08 9e 01 30 ee 69 08 00 45 00 .....!.. .0.i..E.
0010 00 28 32 49 40 00 80 06 38 ad c0 a8 00 3c 4a 7d .(2I#... 8....<J}
0020 84 78 c1 9a 00 50 74 b8 31 9d f4 5e 12 bd 50 10 .x...Pt. 1..^..P.
0030 01 00 af 9e 00 00 00 00 00 00 00 00 ........ ....
I used text2pcap to load your capture into wireshark.
If you enable TCP checksum validation and absolute sequence numbers, you will see a bad TCP checksum in your chip’s SYN-ACK packet.
Also, the chip starting at absolute sequence number 0 is very weak.