[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: AW: [suse-security] openvpn samba question (sshd keep alive cont..)



Rasp, Robert wrote:

Hello,

you don't need a wins-server wen you configured the lmhosts file korrekt.
Most of the time, browsing does not work over the VPN.
But you can access the Server
Press "Start" --> "Run" and then type "\\serverlinux"
After a few seconds there apperars a explorer-window with the shares of the server

Before you do this, start a shell on the server and use tcpdump:
tcpdump -pni [vpn-dev] port 135 or 137

For [vpn-dev] you use the VPN-Device.
You can see the traffic between the client and the server (i hope)....

Hello,

I have done what you say and It doesn´t work but I run tcpdump to see the traffic when I run

Press "Start" --> "Run" and then type "\\serverlinux"

and this is the result

10:19:19.949823 10.4.0.1.1670 > 10.4.0.2.445: S 3415080423:3415080423(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:19:19.949957 10.4.0.2.445 > 10.4.0.1.1670: R 0:0(0) ack 3415080424 win 0 (DF)
10:19:19.959907 192.168.1.215.1671 > 10.4.0.2.139: S 3415128806:3415128806(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:19:20.520925 10.4.0.1.1670 > 10.4.0.2.445: S 3415080423:3415080423(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:19:20.520985 10.4.0.2.445 > 10.4.0.1.1670: R 0:0(0) ack 1 win 0 (DF)
10:19:21.124781 10.4.0.1.1670 > 10.4.0.2.445: S 3415080423:3415080423(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:19:21.124858 10.4.0.2.445 > 10.4.0.1.1670: R 0:0(0) ack 1 win 0 (DF)
10:19:22.932343 *192.168.1.215.1671* > 10.4.0.2.139: S 3415128806:3415128806(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:19:25.940106 arp who-has 10.4.0.1 tell 10.4.0.2
10:19:26.058020 arp reply 10.4.0.1 is-at 0:ff:c2:38:b2:ce
10:19:29.066513 *192.168.1.215.1671* > 10.4.0.2.139: S 3415128806:3415128806(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)


I see the *192.168.1.215 *that is my normal IP, no the vpn ip, the vpn ip es 10.4.0.1. All the the S tcp packets are reply with R (eset) Packets
Can you explain this traffic?

Thanks

--
Emiliano Sutil García




--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here