Help to read this trace
I'm trying to synchronize our PBX with LDAP Active Directory. All the configuration is correct, but there is no result in search. Please help me to read this trace. PBX IP is 10.253.4.3; LDAP IP is 10.140.8.233.
No. Time Source Destination Protocol Length Info
9183 19.048491 10.253.4.3 10.140.8.233 TCP 66 10131 → 636 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=1

Frame 9183: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: HewlettP_97:7c:84 (00:9c:02:97:7c:84), Dst: Cisco_ff:fc:88 (00:08:e3:ff:fc:88)
Internet Protocol Version 4, Src: 10.253.4.3, Dst: 10.140.8.233
Transmission Control Protocol, Src Port: 10131, Dst Port: 636, Seq: 0, Len: 0
    Source Port: 10131
    Destination Port: 636
    [Stream index: 4]
    [TCP Segment Len: 0]
    Sequence number: 0 (relative sequence number)
    Acknowledgment number: 0
    Header Length: 32 bytes
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window size value: 5840
    [Calculated window size: 5840]
    Checksum: 0x0068 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
        Maximum segment size: 1460 bytes
        No-Operation (NOP)
        No-Operation (NOP)
        TCP SACK Permitted Option: True
        No-Operation (NOP)
        Window scale: 0 (multiply by 1)

No. Time Source Destination Protocol Length Info
9184 19.048923 10.140.8.233 10.253.4.3 TCP 66 636 → 10131 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1

Frame 9184: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Cisco_ff:fc:88 (00:08:e3:ff:fc:88), Dst: HewlettP_97:7c:84 (00:9c:02:97:7c:84)
Internet Protocol Version 4, Src: 10.140.8.233, Dst: 10.253.4.3
Transmission Control Protocol, Src Port: 636, Dst Port: 10131, Seq: 0, Ack: 1, Len: 0
    Source Port: 636
    Destination Port: 10131
    [Stream index: 4]
    [TCP Segment Len: 0]
    Sequence number: 0 (relative sequence number)
    Acknowledgment number: 1 (relative ack number)
    Header Length: 32 bytes
    Flags: 0x012 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A··S·]
    Window size value: 8192
    [Calculated window size: 8192]
    Checksum: 0xcdf1 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
        Maximum segment size: 1380 bytes
        No-Operation (NOP)
        Window scale: 8 (multiply by 256)
        No-Operation (NOP)
        No-Operation (NOP)
        TCP SACK ...
It's a little bit hard as you've only posted the text output and not a pcap file.
For me it looks like the LDAP server is resetting the connection after receiving the first 14 bytes from the client.
As the connection is using 636/tcp I guess you want to use LDAPS. The first data should therefore be an SSL ClientHello. However, this record should be bigger than 14 bytes.
Maybe your client is trying to use plaintext LDAP (starting with a bindRequest) over port 636/tcp. If so, the server would reset the connection.
=> Have a look at the payload of frame 9186.
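The payload check suggested above, as an added example that is not part of the original answer: a small Python classifier for the first client bytes sent to port 636, telling a TLS handshake record apart from a plaintext LDAPMessage. The function names and both sample byte strings are constructed for illustration and are not taken from the posted capture.

```python
def read_ber_length(buf: bytes, off: int):
    """Return (length, offset_after_length) for a BER length field at buf[off]."""
    first = buf[off]
    if first < 0x80:                       # short form: one byte
        return first, off + 1
    n = first & 0x7F                       # long form: next n bytes hold the length
    return int.from_bytes(buf[off + 1:off + 1 + n], "big"), off + 1 + n

def classify_first_payload(data: bytes) -> str:
    """Classify the first client payload seen on a connection to 636/tcp."""
    if len(data) < 2:
        return "too-short"
    # TLS record header: ContentType 0x16 (handshake), major version 0x03.
    if data[0] == 0x16 and data[1] == 0x03:
        # Byte 5 is the handshake message type; 0x01 is ClientHello.
        if len(data) >= 6 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-handshake"
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE ... }
    if data[0] == 0x30:
        try:
            _, off = read_ber_length(data, 1)
            if data[off] != 0x02:          # messageID must be an INTEGER
                return "unknown"
            id_len, off = read_ber_length(data, off + 1)
            op_tag = data[off + id_len]    # tag of protocolOp
        except IndexError:
            return "unknown"
        if op_tag == 0x60:                 # [APPLICATION 0] BindRequest
            return "plaintext-ldap-bind-request"
        if op_tag == 0x77:                 # [APPLICATION 23] ExtendedRequest (e.g. StartTLS)
            return "plaintext-ldap-extended-request"
        return "plaintext-ldap-other"
    return "unknown"

# Constructed samples (not from the capture):
# LDAPv3 anonymous simple bind, messageID 1.
SAMPLE_BIND = bytes.fromhex("300c020101600702010304008000")
# Start of a TLS record carrying a ClientHello (truncated after the version field).
SAMPLE_CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303")

if __name__ == "__main__":
    for name, payload in [("bind", SAMPLE_BIND), ("hello", SAMPLE_CLIENT_HELLO)]:
        print(name, len(payload), classify_first_payload(payload))
```

In Wireshark, the bytes to feed in are the TCP payload of the first client data segment after the handshake, copied as a hex stream.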
Hi Uli, please see this pcap file. If you can help me, please: https://drive.google.com/file/d/1IWse...
Port 636 is LDAP over SSL. I can't post the whole document as I don't have privileges to do so; I hope this is of some help at least.