Coda File System

tcpdump modified for RPC2

From: Peter J. Braam <braam_at_cs.cmu.edu>
Date: Fri, 10 Apr 1998 15:53:16 -0400 (EDT)
I have modified tcpdump a bit to print out RPC2 packet headers.  I find
this very helpful to analyze problems.

The modifed packages are at:

ftp.coda.cs.cmu.edu:/pub/coda/tools/libpcap-0.4a4.tar.Z
ftp.coda.cs.cmu.edu:/pub/coda/tools/tcpdump-3.4a5-rpc2.tgz

To build:
---------

unpack both archives in the same directory. cd into libpcap do
./configure ; make

Now cd ../tcpdump....

./configure ; make ; make install

Usage:
------

tcpdump -T rpc2 .............

Legend:
pr: protocol (should be 7)
(localhandle --> remotehandle)
fl: flags
bl: body length
sq: sequence number
oc: opcode

Example:
========

The first example shows a login to the auth2 server with correct
passwords:

This shows that the auth2 server gives local handle 30; it appears not to
have garbage collected its old connection entries. 

After INIT4 the whole packet is encrypted from the bodylength field
onwards:

15:16:39.764944 CARISSIMI.CODA.CS.CMU.EDU.1067 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80000, bl: 234, sq: 0, oc: INIT1SEC
15:16:39.764944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1067:
  pr: 7, (39 --> 1), fl: a80000, bl: 20, sq: 0, oc: INIT2
15:16:39.764944 CARISSIMI.CODA.CS.CMU.EDU.1067 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 39), fl: 0, bl: 16, sq: 0, oc: INIT3
15:16:39.774944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1067:
  pr: 7, (39 --> 1), fl: a80000, bl: 24, sq: 0, oc: INIT4
15:16:39.774944 CARISSIMI.CODA.CS.CMU.EDU.1067 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 39), fl: 2, bl: -468293442, sq: 1388431667, oc: -468293444
15:16:39.774944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1067:
  pr: 7, (39 --> 1), fl: a80002, bl: -468293394, sq: 1388431628, oc:
468293446
15:16:39.774944 CARISSIMI.CODA.CS.CMU.EDU.1067 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 39), fl: 2, bl: -468293442, sq: 1388431629, oc: -468293447
15:16:39.774944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1067:
  pr: 7, (39 --> 1), fl: a80002, bl: -468293442, sq: 1388431630, oc:
468293446

The following example shows why typing a wrong password leads to strange
auth2 behaviour: you have to wait for timeouts:

(the INIT1 packet does not have a magic constant in it, so the server
cannot see that the packet is wrong.  The client does know when INIT2
arrives and gives up.  The server keeps retransmitting INIT2.)

15:18:01.964944 CARISSIMI.CODA.CS.CMU.EDU.1068 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80000, bl: 234, sq: 0, oc: INIT1SEC
15:18:01.964944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80000, bl: 20, sq: 0, oc: INIT2
15:18:02.444944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:18:03.404944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:18:05.304944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:18:09.094944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:18:16.664944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:18:31.794944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1068:
  pr: 7, (3a --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2


Here is the mixture of busies and retries that leads to the well known 30
second wait upon logging in if you first type the wrong password, then the
right one.  Look what a mess it is (this should be six packets!):

The key issue seems to be the fact mentioned above: the lack of a magic.
Furthermore, the second login is regarded as a RETRY by the server, which
it is of course in human terms, but not in RPC2 terms.

We have managed to live with this for 10 years or so .....

- Peter -


15:20:17.264944 CARISSIMI.CODA.CS.CMU.EDU.1069 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80000, bl: 234, sq: 0, oc: INIT1SEC
15:20:17.264944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80000, bl: 20, sq: 0, oc: INIT2
15:20:17.744944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:20:18.704944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:20:20.604944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:20:23.944944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80000, bl: 234, sq: 0, oc: INIT1SEC
15:20:24.394944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:20:24.434944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80001, bl: 234, sq: 0, oc: INIT1SEC
15:20:24.434944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 0, sq: 378374016, oc: BUSY
15:20:25.394944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80001, bl: 234, sq: 0, oc: INIT1SEC
15:20:25.394944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 0, sq: 378374016, oc: BUSY
15:20:27.294944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80001, bl: 234, sq: 0, oc: INIT1SEC
15:20:27.294944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 0, sq: 378374016, oc: BUSY
15:20:31.084944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80001, bl: 234, sq: 0, oc: INIT1SEC
15:20:31.084944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 0, sq: 378374016, oc: BUSY
15:20:31.954944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:20:38.654944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80001, bl: 234, sq: 0, oc: INIT1SEC
15:20:38.654944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 0, sq: 378374016, oc: BUSY
15:20:47.074944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1069:
  pr: 7, (3b --> 1), fl: a80001, bl: 20, sq: 0, oc: INIT2
15:20:53.784944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 0), fl: a80001, bl: 234, sq: 0, oc: INIT1SEC
15:20:53.784944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 0, sq: 378374016, oc: BUSY
15:21:17.314944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 20, sq: 0, oc: INIT2
15:21:17.314944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 3c), fl: 0, bl: 16, sq: 0, oc: INIT3
15:21:17.314944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80000, bl: 24, sq: 0, oc: INIT4
15:21:17.314944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 3c), fl: 2, bl: -612237949, sq: -1790516670, oc:
-612237951
15:21:17.314944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80002, bl: -612237869, sq: -1790516671, oc:
612237947
15:21:17.314944 CARISSIMI.CODA.CS.CMU.EDU.1070 >
MASSENET.CODA.CS.CMU.EDU.coda_auth:
  pr: 7, (1 --> 3c), fl: 2, bl: -612237949, sq: -1790516672, oc:
-612237948
15:21:17.314944 MASSENET.CODA.CS.CMU.EDU.coda_auth >
CARISSIMI.CODA.CS.CMU.EDU.1070:
  pr: 7, (3c --> 1), fl: a80002, bl: -612237949, sq: -1790516665, oc:
612237947
Received on 1998-04-10 16:58:13