Page to keep notes about the fingerprintability of WebRTC, relevant to the [Snowflake](Snowflake) pluggable transport.

Tech report "Fingerprintability of WebRTC" by David Fifield and Mia Gil Epner: https://arxiv.org/abs/1605.08805.

An analysis of use of WebRTC by some mobile apps: https://andyet.com/webrtc-reports/.

Analysis of DTLS-SRTP and DTLS-SCTP in Twilio and Wire: https://www.gremwell.com/node/954

Potential identifying features:

* STUN: [USERNAME attribute](https://tools.ietf.org/html/rfc5389#section-15.3), free-form text.
* STUN: optional [FINGERPRINT attribute](https://tools.ietf.org/html/rfc5389#section-8).
* STUN: optional(?) [SOFTWARE attribute](https://tools.ietf.org/html/rfc5389#section-15.10).
* STUN attributes in general: their type and order.
* DTLS: client ciphersuites (type and order).
* DTLS: client extensions (type and order).
* DTLS: server extensions (type and order).
* DTLS: certificate validity period.

DNS seems like no big deal? Other layers to look at?

Data channels use DTLS while non-data (media, video) use SRTP.

[WebRTC Data Channels](https://datatracker.ietf.org/doc/draft-ietf-rtcweb-data-channel/?include_text=1): "In the WebRTC framework, communication between the parties consists of media (for example audio and video) and non-media data. Media is sent using SRTP, and is not specified further here. Non-media data is handled by using SCTP [RFC4960] encapsulated in DTLS."

[Web Real-Time Communication (WebRTC): Media Transport and Use of RTP](https://datatracker.ietf.org/doc/draft-ietf-rtcweb-rtp-usage/?include_text=1)

## Bro script to fingerprint DTLS

https://github.com/miagilepner/DTLS-fingerprint

## Snowflake Dissections

The GitLab wiki does not support background colors,
which were used to highlight common parts of packet dissections.
You may want to refer to the
[archived Trac wiki page](https://trac.torproject.org/projects/tor/wiki/doc/Snowflake/Fingerprinting#SnowflakeDissections).

### DTLS

The unknown (0x0017) extension is present in all DTLS communication and is concerning. Looks like 0x0017 is [extended master secret](https://tools.ietf.org/html/rfc7627).

<pre>
Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 0
Length: 110
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 98
Message Sequence: 0
Fragment Offset: 0
Fragment Length: 98
<b>Version: DTLS 1.0 (0xfeff)</b>
Random
<b>GMT Unix Time: Nov 15, 2056 17:39:12.000000000 PST</b>
Random Bytes: 061231403fafc5f8592806c668f47fd7c8723693e723f3d6...
Session ID Length: 0
Cookie Length: 0
Cipher Suites Length: 18
<b>Cipher Suites (9 suites)</b>
<b> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)</b>
<b> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)</b>
<b> Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)</b>
<b> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)</b>
<b> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)</b>
<b> Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)</b>
<b> Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)</b>
<b> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)</b>
<b> Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)</b>
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 38
<i>Extension: renegotiation_info</i>
<i> Type: renegotiation_info (0xff01)</i>
<i> Length: 1</i>
<i> Renegotiation Info extension</i>
<i> Renegotiation info extension length: 0</i>
<b><i>Extension: Unknown 23</i></b>
<b><i> Type: Unknown (0x0017)</i></b>
<b><i> Length: 0</i></b>
<b><i> Data (0 bytes)</i></b>
<i> Extension: SessionTicket TLS</i>
<i> Type: SessionTicket TLS (0x0023)</i>
<i> Length: 0</i>
<i> Data (0 bytes)</i>
<i> Extension: use_srtp</i>
<i> Type: use_srtp (0x000e)</i>
<i> Length: 5</i>
<i> Data (5 bytes)</i>
<i> Extension: ec_point_formats</i>
<i> Type: ec_point_formats (0x000b)</i>
<i> Length: 2</i>
<i> EC point formats Length: 1</i>
<i> Elliptic curves point formats (1)</i>
<i> EC point format: uncompressed (0)</i>
<i> Extension: elliptic_curves</i>
<i> Type: elliptic_curves (0x000a)</i>
<i> Length: 6</i>
<i> Elliptic Curves Length: 4</i>
<i> Elliptic curves (2 curves)</i>
<i> Elliptic curve: secp256r1 (0x0017)</i>
<i> Elliptic curve: secp384r1 (0x0018)</i>

Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 0
Length: 80
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 68
Message Sequence: 0
Fragment Offset: 0
Fragment Length: 68
<b>Version: DTLS 1.0 (0xfeff)</b>
Random
<b>GMT Unix Time: Feb 3, 2016 12:40:26.000000000 PST</b>
Random Bytes: 77a5a5590ca7147b4130e4f92bc6de09954c7ba9b8e00753...
Session ID Length: 0
<b>Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)</b>
Compression Method: null (0)
Extensions Length: 28
<i>Extension: renegotiation_info</i>
<i> Type: renegotiation_info (0xff01)</i>
<i> Length: 1</i>
<i> Renegotiation Info extension</i>
<i> Renegotiation info extension length: 0</i>
<b><i>Extension: Unknown 23</i></b>
<b><i> Type: Unknown (0x0017)</i></b>
<b><i> Length: 0</i></b>
<b><i> Data (0 bytes)</i></b>
<i> Extension: SessionTicket TLS</i>
<i> Type: SessionTicket TLS (0x0023)</i>
<i> Length: 0</i>
<i> Data (0 bytes)</i>
<i> Extension: use_srtp</i>
<i> Type: use_srtp (0x000e)</i>
<i> Length: 5</i>
<i> Data (5 bytes)</i>
<i> Extension: ec_point_formats</i>
<i> Type: ec_point_formats (0x000b)</i>
<i> Length: 2</i>
<i> EC point formats Length: 1</i>
<i> Elliptic curves point formats (1)</i>
<i> EC point format: uncompressed (0)</i>
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 1
Length: 431
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 419
Message Sequence: 1
Fragment Offset: 0
Fragment Length: 419
Certificates Length: 416
Certificates (416 bytes)
Certificate Length: 413
Certificate (<b><i>id-at-commonName=WebRTC</i></b>)
signedCertificate
serialNumber: -199448578203076297
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=WebRTC)
RDNSequence item: 1 item (id-at-commonName=WebRTC)
RelativeDistinguishedName item (id-at-commonName=WebRTC)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: WebRTC
validity
notBefore: utcTime (0)
utcTime: 16-02-02 20:40:24 (UTC)
<b><i>notAfter: utcTime (0)</i></b>
<b><i> utcTime: 16-03-04 20:40:24 (UTC)</i></b>
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=WebRTC)
RDNSequence item: 1 item (id-at-commonName=WebRTC)
RelativeDistinguishedName item (id-at-commonName=WebRTC)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: WebRTC
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
Padding: 0
subjectPublicKey: 30818902818100f80b20502afafd6ce3c2da226231dc04b3...
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 8ad10f58e3bd116f2d44632775018cde8e5bc51acb4dc914...
DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 2
Length: 211
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 199
Message Sequence: 2
Fragment Offset: 0
Fragment Length: 199
EC Diffie-Hellman Server Params
Curve Type: named_curve (0x03)
Named Curve: secp256r1 (0x0017)
Pubkey Length: 65
<b>Pubkey: 04042d88c974e3c5aead9b9602e16be7eee110a5bf5b6c07...</b>
Signature Length: 128
Signature: 2921d3af691af98af3988b518416caaef54e2cda54f0694f...
DTLSv1.0 Record Layer: Handshake Protocol: Certificate Request
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 3
Length: 17
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 5
Message Sequence: 3
Fragment Offset: 0
Fragment Length: 5
Certificate types count: 2
Certificate types (2 types)
Certificate type: RSA Sign (1)
Certificate type: ECDSA Sign (64)
Distinguished Names Length: 0
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 4
Length: 12
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
Message Sequence: 4
Fragment Offset: 0
Fragment Length: 0

Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 1
Length: 431
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 419
Message Sequence: 1
Fragment Offset: 0
Fragment Length: 419
Certificates Length: 416
Certificates (416 bytes)
Certificate Length: 413
Certificate (<b><i>id-at-commonName=WebRTC</i></b>)
signedCertificate
version: v3 (2)
serialNumber: 968514978
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=WebRTC)
RDNSequence item: 1 item (id-at-commonName=WebRTC)
RelativeDistinguishedName item (id-at-commonName=WebRTC)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: WebRTC
validity
notBefore: utcTime (0)
utcTime: 16-01-27 21:22:56 (UTC)
notAfter: utcTime (0)
<b><i>utcTime: 16-02-26 21:22:56 (UTC)</i></b>
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=WebRTC)
RDNSequence item: 1 item (id-at-commonName=WebRTC)
RelativeDistinguishedName item (id-at-commonName=WebRTC)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: WebRTC
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
Padding: 0
subjectPublicKey: 30818902818100c6d0e52fb7906d54726fff0d4d5a611a5d...
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 3787bcc099fd7d1fede13e633b79de93aedc62336b6e8ef0...
DTLSv1.0 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: DTLS 1.0 (0xfeff)
Epoch: 0
Sequence Number: 2
Length: 78
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 66
Message Sequence: 2
Fragment Offset: 0
Fragment Length: 66
EC Diffie-Hellman Client Params
Pubkey Length: 65
<b>Pubkey: 04be8aed734fd935d017b11d9e0d36401989a9a535bbe9ab...</b>
DTLSv1.0 Record Layer: Handshake Protocol: Certificate Verify
Content Type: Handshake (22)
Version: DTLS 1.0 (0xfeff)
Epoch: 0
Sequence Number: 3
Length: 142
Handshake Protocol: Certificate Verify
Handshake Type: Certificate Verify (15)
Length: 130
Message Sequence: 3
Fragment Offset: 0
Fragment Length: 130
DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 4
Length: 1
Change Cipher Spec Message
Record Layer
Content Type: Handshake (22)
Version: DTLS 1.0 (0xfeff)
Epoch: 1
Sequence Number: 0
Length: 64
Handshake Protocol

Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: New Session Ticket
Content Type: Handshake (22)
<b>Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 5
Length: 610
Handshake Protocol: New Session Ticket
Handshake Type: New Session Ticket (4)
Length: 598
Message Sequence: 5
Fragment Offset: 0
Fragment Length: 598
<b><i>TLS Session Ticket</i></b>
<b><i> Session Ticket Lifetime Hint: 7200</i></b>
Session Ticket Length: 592
Session Ticket: aeb7218d071c2610c61f708141dcb625c90ae8703c1aaf1b...
DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: DTLS 1.0 (0xfeff)
Epoch: 0
Sequence Number: 6
Length: 1
Change Cipher Spec Message
Record Layer
Content Type: Handshake (22)
Version: DTLS 1.0 (0xfeff)
Epoch: 1
Sequence Number: 0
Length: 64
Handshake Protocol
</pre>
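
The DTLS features listed at the top of this page (version, ciphersuite type and order, extension type and order), pulled out of a client hello like the one dissected above. This is an added example, not code from Snowflake or from the Bro script linked earlier; the function names are hypothetical, and the sample's random bytes and `use_srtp` body are constructed placeholders because the dissection does not show them.

```python
import struct

# Ciphersuites offered in the Snowflake client hello dissected above, in order.
SNOWFLAKE_SUITES = [0xc00a, 0xc014, 0x0039, 0xc009, 0xc013,
                    0x0033, 0x0035, 0x002f, 0x000a]


class Reader:
    """Bounds-checked cursor: every read fails on truncated input."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated message")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vec(self, prefix_size):
        # Length-prefixed vector; the prefix is prefix_size bytes long.
        return self.take(self.uint(prefix_size))

    def done(self):
        return self.pos >= len(self.data)


def parse_client_hello(datagram):
    """Extract version, ciphersuite order and extension order from the
    first DTLS record of a datagram, which must hold a whole ClientHello."""
    r = Reader(datagram)
    content_type, record_version = r.uint(1), r.uint(2)
    r.take(8)                                   # epoch + sequence number
    rec = Reader(r.vec(2))
    if content_type != 22:
        raise ValueError("not a handshake record")
    hs_type, length = rec.uint(1), rec.uint(3)
    rec.take(2)                                 # message sequence
    frag_offset, frag_length = rec.uint(3), rec.uint(3)
    if hs_type != 1:
        raise ValueError("not a ClientHello")
    if frag_offset != 0 or frag_length != length:
        raise ValueError("fragmented ClientHello is not reassembled here")
    body = Reader(rec.take(length))
    client_version = body.uint(2)
    body.take(32)                               # random
    body.vec(1)                                 # session ID
    body.vec(1)                                 # cookie (DTLS only)
    raw = body.vec(2)
    if len(raw) % 2:
        raise ValueError("odd ciphersuite vector length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    body.vec(1)                                 # compression methods
    extensions = []
    if not body.done():                         # the extensions block is optional
        ext = Reader(body.vec(2))
        while not ext.done():
            extensions.append(ext.uint(2))      # keep type and position only
            ext.vec(2)                          # skip the extension body
    return {"record_version": record_version, "client_version": client_version,
            "cipher_suites": suites, "extensions": extensions}


def fingerprint(hello):
    """Order-preserving string: two stacks match only if type AND order match."""
    join = lambda values: "-".join("%04x" % v for v in values)
    return "%04x|%s|%s" % (hello["client_version"],
                           join(hello["cipher_suites"]), join(hello["extensions"]))


def compare(a, b):
    """Name the features in which two parsed hellos differ."""
    diffs = {}
    for key in ("record_version", "client_version", "cipher_suites", "extensions"):
        if a[key] == b[key]:
            continue
        reordered = isinstance(a[key], list) and sorted(a[key]) == sorted(b[key])
        diffs[key] = "same values, different order" if reordered else "different values"
    return diffs


def build_sample_client_hello(suites=SNOWFLAKE_SUITES):
    """Constructed sample with the field values of the dissection above."""
    exts = [(0xff01, b"\x00"), (0x0017, b""), (0x0023, b""),
            (0x000e, bytes.fromhex("0002000100")),   # constructed use_srtp body
            (0x000b, b"\x01\x00"), (0x000a, bytes.fromhex("000400170018"))]
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (struct.pack("!H", 0xfeff) + bytes(32)    # constructed all-zero random
            + b"\x00" + b"\x00"                      # empty session ID and cookie
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                            # one compression method: null
            + struct.pack("!H", len(ext_bytes)) + ext_bytes)
    size = len(body).to_bytes(3, "big")
    handshake = b"\x01" + size + bytes(2) + bytes(3) + size + body
    return (b"\x16" + struct.pack("!H", 0xfeff) + bytes(8)
            + struct.pack("!H", len(handshake)) + handshake)


if __name__ == "__main__":
    print(fingerprint(parse_client_hello(build_sample_client_hello())))
```

Running `compare` on hellos captured from Snowflake and from a browser WebRTC stack shows which of the listed features would let an observer tell them apart.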

### STUN

<pre>
Session Traversal Utilities for NAT
[Response In: 2]
<b>Message Type: 0x0001 (Binding Request)</b>
.... ...0 ...0 .... = Message Class: 0x0000
[Request (0)]
..00 000. 000. 0001 = Message Method: 0x0001
[Binding (0x001)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 0
Message Cookie: 2112a442
<b><i>Message Transaction ID: 4734332b507130774f7a2b31</i></b>

Session Traversal Utilities for NAT
[Request In: 1]
[Time: 0.071000000 seconds]
<b>Message Type: 0x0101 (Binding Success Response)</b>
.... ...1 ...0 .... = Message Class: 0x0010
[Success Response (2)]
..00 000. 000. 0001 = Message Method: 0x0001
[Binding (0x001)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 12
Message Cookie: 2112a442
<b><i>Message Transaction ID: 4734332b507130774f7a2b31</i></b>
Attributes
XOR-MAPPED-ADDRESS: 192.0.2.10:56631
Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 8
Reserved: 00
Protocol Family: IPv4 (0x01)
Port (XOR-d): fc25
[Port: 56631]
IP (XOR-d): 83fcba14
[IP: 192.0.2.10 (192.0.2.10)]

Session Traversal Utilities for NAT
[Response In: 13]
<b>Message Type: 0x0001 (Binding Request)</b>
.... ...0 ...0 .... = Message Class: 0x0000
[Request (0)]
..00 000. 000. 0001 = Message Method: 0x0001
[Binding (0x001)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 96
Message Cookie: 2112a442
<b><i>Message Transaction ID: 6152536e75732b364a494538</i></b>
<i>Attributes</i>
<b><i>USERNAME: kobaHqEbY+V1ziVB:T+bbk5iYxqr95mKy</i></b>
<i> Attribute Type: USERNAME (0x0006)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 33</i>
<i> Username: kobaHqEbY+V1ziVB:T+bbk5iYxqr95mKy</i>
<i> Padding: 3</i>
<i> ICE-CONTROLLING</i>
<i> Attribute Type: ICE-CONTROLLING (0x802a)</i>
<i> 1... .... .... .... = Attribute Type Comprehension: 0x0001</i>
<i> [Optional (1)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 8</i>
<b><i>Tie breaker: 9ef84ba2fafac8a8</i></b>
<i> USE-CANDIDATE</i>
<i> Attribute Type: USE-CANDIDATE (0x0025)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 0</i>
<i> PRIORITY</i>
<i> Attribute Type: PRIORITY (0x0024)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 4</i>
<i> Priority: 1853759231</i>
<i> MESSAGE-INTEGRITY</i>
<i> Attribute Type: MESSAGE-INTEGRITY (0x0008)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 20</i>
<i> HMAC-SHA1: 66f748838e0a05e60fc56e3345937ad40f19221c</i>
<i> FINGERPRINT</i>
<i> Attribute Type: FINGERPRINT (0x8028)</i>
<i> 1... .... .... .... = Attribute Type Comprehension: 0x0001</i>
<i> [Optional (1)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 4</i>
<i> CRC-32: 0x76c1aa8f</i>

Session Traversal Utilities for NAT
[Request In: 3]
[Time: 0.290224000 seconds]
<b>Message Type: 0x0101 (Binding Success Response)</b>
.... ...1 ...0 .... = Message Class: 0x0010
[Success Response (2)]
..00 000. 000. 0001 = Message Method: 0x0001
[Binding (0x001)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 44
Message Cookie: 2112a442
<b><i>Message Transaction ID: 6152536e75732b364a494538</i></b>
<i>Attributes</i>
<i> XOR-MAPPED-ADDRESS: 192.0.2.10:56631</i>
<i> Attribute Type: XOR-MAPPED-ADDRESS (0x0020)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 8</i>
<i> Reserved: 00</i>
<i> Protocol Family: IPv4 (0x01)</i>
<i> Port (XOR-d): fc25</i>
<i> [Port: 56631]</i>
<i> IP (XOR-d): 83fcba14</i>
<i> [IP: 192.0.2.10 (192.0.2.10)]</i>
<i> MESSAGE-INTEGRITY</i>
<i> Attribute Type: MESSAGE-INTEGRITY (0x0008)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 20</i>
<i> HMAC-SHA1: aac12f05a0635a534e794e7c6273ea6a5c2945ed</i>
<i> FINGERPRINT</i>
<i> Attribute Type: FINGERPRINT (0x8028)</i>
<i> 1... .... .... .... = Attribute Type Comprehension: 0x0001</i>
<i> [Optional (1)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 4</i>
<i> CRC-32: 0x69ae371e</i>

Session Traversal Utilities for NAT
[Response In: 5]
<b>Message Type: 0x0001 (Binding Request)</b>
.... ...0 ...0 .... = Message Class: 0x0000
[Request (0)]
..00 000. 000. 0001 = Message Method: 0x0001
[Binding (0x001)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 92
Message Cookie: 2112a442
<b><i>Message Transaction ID: 6e2b51714d6e734250714a48</i></b>
<i>Attributes</i>
<b><i>USERNAME: T+bbk5iYxqr95mKy:kobaHqEbY+V1ziVB</i></b>
<i> Attribute Type: USERNAME (0x0006)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 33</i>
<i> Username: T+bbk5iYxqr95mKy:kobaHqEbY+V1ziVB</i>
<i> Padding: 3</i>
<i> ICE-CONTROLLED</i>
<i> Attribute Type: ICE-CONTROLLED (0x8029)</i>
<i> 1... .... .... .... = Attribute Type Comprehension: 0x0001</i>
<i> [Optional (1)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 8</i>
<b><i> Tie breaker: 4e2bfda493c8265e</i></b>
<i> PRIORITY</i>
<i> Attribute Type: PRIORITY (0x0024)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 4</i>
<i> Priority: 1853824767</i>
<i> MESSAGE-INTEGRITY</i>
<i> Attribute Type: MESSAGE-INTEGRITY (0x0008)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 20</i>
<i> HMAC-SHA1: d09add55f86f6d1780afd4b9ab4780fe1350ef1e</i>
<i> FINGERPRINT</i>
<i> Attribute Type: FINGERPRINT (0x8028)</i>
<i> 1... .... .... .... = Attribute Type Comprehension: 0x0001</i>
<i> [Optional (1)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 4</i>
<i> CRC-32: 0x969a56c0</i>

Session Traversal Utilities for NAT
[Request In: 4]
[Time: 0.000331000 seconds]
<b>Message Type: 0x0101 (Binding Success Response)</b>
.... ...1 ...0 .... = Message Class: 0x0010
[Success Response (2)]
..00 000. 000. 0001 = Message Method: 0x0001
[Binding (0x001)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 44
Message Cookie: 2112a442
<b><i>Message Transaction ID: 6e2b51714d6e734250714a48</i></b>
<i>Attributes</i>
<i> XOR-MAPPED-ADDRESS: 199.241.201.138:51749</i>
<i> Attribute Type: XOR-MAPPED-ADDRESS (0x0020)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 8</i>
<i> Reserved: 00</i>
<i> Protocol Family: IPv4 (0x01)</i>
<i> Port (XOR-d): eb37</i>
<i> [Port: 51749]</i>
<i> IP (XOR-d): e6e36dc8</i>
<i> [IP: 199.241.201.138 (199.241.201.138)]</i>
<i> MESSAGE-INTEGRITY</i>
<i> Attribute Type: MESSAGE-INTEGRITY (0x0008)</i>
<i> 0... .... .... .... = Attribute Type Comprehension: 0x0000</i>
<i> [Required (0)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 20</i>
<i> HMAC-SHA1: e61427b2b55c60c2d135262e947bdfe26f2c0f9b</i>
<i> FINGERPRINT</i>
<i> Attribute Type: FINGERPRINT (0x8028)</i>
<i> 1... .... .... .... = Attribute Type Comprehension: 0x0001</i>
<i> [Optional (1)]</i>
<i> .0.. .... .... .... = Attribute Type Assignment: 0x0000</i>
<i> [IETF Review (0)]</i>
<i> Attribute Length: 4</i>
<i> CRC-32: 0xca4bdcce</i>
</pre>
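
The STUN features listed at the top of this page (attribute type and order, the optional FINGERPRINT and SOFTWARE attributes, the shape of the free-form USERNAME), read out of a message. This is an added example, not Snowflake code; the function names are hypothetical, and the sample is rebuilt from the field values of the Binding Request with Message Length 96 dissected above, with its padding bytes assumed to be zero.

```python
import struct

MAGIC_COOKIE = 0x2112A442
ATTR_NAMES = {
    0x0006: "USERNAME", 0x0008: "MESSAGE-INTEGRITY", 0x0020: "XOR-MAPPED-ADDRESS",
    0x0024: "PRIORITY", 0x0025: "USE-CANDIDATE", 0x8022: "SOFTWARE",
    0x8028: "FINGERPRINT", 0x8029: "ICE-CONTROLLED", 0x802a: "ICE-CONTROLLING",
}


def parse_stun(datagram):
    """Return (message type, [(attribute type, value), ...]) in wire order."""
    if len(datagram) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, msg_len, cookie = struct.unpack("!HHI", datagram[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN message")
    if msg_len % 4 or 20 + msg_len != len(datagram):
        raise ValueError("message length does not match datagram")
    attrs, pos = [], 20
    while pos < len(datagram):
        atype, alen = struct.unpack("!HH", datagram[pos:pos + 4])
        end = pos + 4 + alen
        if end > len(datagram):
            raise ValueError("attribute overruns message")
        attrs.append((atype, datagram[pos + 4:end]))
        pos = end + (-alen % 4)          # values are padded to a 4-byte boundary
    return msg_type, attrs


def stun_features(datagram):
    """Reduce a STUN message to the features that distinguish implementations."""
    msg_type, attrs = parse_stun(datagram)
    types = [t for t, _ in attrs]
    features = {
        "message_type": msg_type,
        "attr_order": [ATTR_NAMES.get(t, "0x%04x" % t) for t in types],
        "has_software": 0x8022 in types,
        "has_fingerprint": 0x8028 in types,
        "username_parts": None,
    }
    for t, value in attrs:
        if t == 0x0006:
            # USERNAME is free-form; record only the length of each ':' part.
            features["username_parts"] = [len(p) for p in value.split(b":")]
    return features


def _attr(atype, value):
    # Constructed encoding: zero bytes are assumed for the padding.
    return struct.pack("!HH", atype, len(value)) + value + bytes(-len(value) % 4)


def build_sample_binding_request():
    """Constructed sample using the values shown in the dissection above."""
    body = (_attr(0x0006, b"kobaHqEbY+V1ziVB:T+bbk5iYxqr95mKy")
            + _attr(0x802a, bytes.fromhex("9ef84ba2fafac8a8"))
            + _attr(0x0025, b"")
            + _attr(0x0024, struct.pack("!I", 1853759231))
            + _attr(0x0008, bytes.fromhex("66f748838e0a05e60fc56e3345937ad40f19221c"))
            + _attr(0x8028, bytes.fromhex("76c1aa8f")))
    header = struct.pack("!HHI", 0x0001, len(body), MAGIC_COOKIE)
    return header + bytes.fromhex("6152536e75732b364a494538") + body


if __name__ == "__main__":
    print(stun_features(build_sample_binding_request()))
```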

## OpenTokRTC Dissections

These are of https://opentokrtc.com/

The GitLab wiki does not support background colors,
which were used to highlight common parts of packet dissections.
You may want to refer to the
[archived Trac wiki page](https://trac.torproject.org/projects/tor/wiki/doc/Snowflake/Fingerprinting#OpenTokRTCDissections).

### DNS

DNS Queries (A and AAAA).

<pre>
Domain Name System (query)
Transaction ID: 0x75f7
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
<b>mantis004-sjc.tokbox.com</b>: type A, class IN
Name: mantis004-sjc.tokbox.com
[Name Length: 24]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)

Domain Name System (query)
Transaction ID: 0xecea
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
<b>mantis004-sjc.tokbox.com</b>: type AAAA, class IN
Name: mantis004-sjc.tokbox.com
[Name Length: 24]
[Label Count: 3]
Type: AAAA (IPv6 Address) (28)
Class: IN (0x0001)
</pre>

DNS Responses (A and AAAA).

<pre>
Domain Name System (response)
Transaction ID: 0x75f7
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Queries
mantis004-sjc.tokbox.com: type A, class IN
Name: mantis004-sjc.tokbox.com
[Name Length: 24]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
mantis004-sjc.tokbox.com: type A, class IN, addr 74.201.205.3
Name: mantis004-sjc.tokbox.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 7200
Data length: 4
Address: mantis004-sjc.tokbox.com (74.201.205.3)

Domain Name System (response)
Transaction ID: 0xecea
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 0
Queries
mantis004-sjc.tokbox.com: type AAAA, class IN
Name: mantis004-sjc.tokbox.com
[Name Length: 24]
[Label Count: 3]
Type: AAAA (IPv6 Address) (28)
Class: IN (0x0001)
Authoritative nameservers
tokbox.com: type SOA, class IN, mname ns1.p20.dynect.net
Name: tokbox.com
Type: SOA (Start Of a zone of Authority) (6)
Class: IN (0x0001)
Time to live: 60
Data length: 46
Primary name server: ns1.p20.dynect.net
Responsible authority's mailbox: ops.tokbox.com
Serial Number: 2785
Refresh Interval: 3600 (1 hour)
Retry Interval: 600 (10 minutes)
Expire limit: 604800 (7 days)
Minimum TTL: 60 (1 minute)
</pre>

### DTLS

#### Firefox

Client hello, using DTLSv1.0, offers 73 cipher suites and 58 elliptic curves.
(dcf: wow, look at all the trash ciphersuites: anon/EXPORT/NULL. Whatever this is looks pretty insecure.)

<pre>
Datagram Transport Layer Security
DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
<b> Version: DTLS 1.0 (0xfeff)</b>
Epoch: 0
Sequence Number: 0
Length: 284
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 272
Message Sequence: 0
Fragment Offset: 0
Fragment Length: 272
Version: DTLS 1.0 (0xfeff)
Random
<b> GMT Unix Time: Oct 24, 2033 15:10:17.000000000 PDT</b>
Random Bytes: 72f6edee1c5b0c9339761f8a4397d9e4cba5811856849cc6...
Session ID Length: 0
Cookie Length: 0
Cipher Suites Length: 146
Cipher Suites (73 suites)
<b> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (0x0089)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA (0x009b)
Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (0x0046)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
|
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
|
|
|
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
|
|
|
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_DES_CBC_SHA (0x000f)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_DES_CBC_SHA (0x000c)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
|
|
|
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
|
|
|
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
|
|
|
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
|
|
|
Cipher Suite: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000e)
|
|
|
Cipher Suite: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (0x000b)
|
|
|
Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
|
|
|
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
|
|
|
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
|
|
|
Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
|
|
|
Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
|
|
|
Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
|
|
|
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
|
|
|
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
|
|
|
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)</b>
|
|
|
Compression Methods Length: 1
|
|
|
Compression Methods (1 method)
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 84
|
|
|
<b> Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 4
|
|
|
EC point formats Length: 3
|
|
|
Elliptic curves point formats (3)
|
|
|
EC point format: uncompressed (0)
|
|
|
EC point format: ansiX962_compressed_prime (1)
|
|
|
EC point format: ansiX962_compressed_char2 (2)
|
|
|
Extension: elliptic_curves
|
|
|
Type: elliptic_curves (0x000a)
|
|
|
Length: 58
|
|
|
Elliptic Curves Length: 56
|
|
|
Elliptic curves (28 curves)
|
|
|
Elliptic curve: sect571r1 (0x000e)
|
|
|
Elliptic curve: sect571k1 (0x000d)
|
|
|
Elliptic curve: secp521r1 (0x0019)
|
|
|
Elliptic curve: brainpoolP512r1 (0x001c)
|
|
|
Elliptic curve: sect409k1 (0x000b)
|
|
|
Elliptic curve: sect409r1 (0x000c)
|
|
|
Elliptic curve: brainpoolP384r1 (0x001b)
|
|
|
Elliptic curve: secp384r1 (0x0018)
|
|
|
Elliptic curve: sect283k1 (0x0009)
|
|
|
Elliptic curve: sect283r1 (0x000a)
|
|
|
Elliptic curve: brainpoolP256r1 (0x001a)
|
|
|
Elliptic curve: secp256k1 (0x0016)
|
|
|
Elliptic curve: secp256r1 (0x0017)
|
|
|
Elliptic curve: sect239k1 (0x0008)
|
|
|
Elliptic curve: sect233k1 (0x0006)
|
|
|
Elliptic curve: sect233r1 (0x0007)
|
|
|
Elliptic curve: secp224k1 (0x0014)
|
|
|
Elliptic curve: secp224r1 (0x0015)
|
|
|
Elliptic curve: sect193r1 (0x0004)
|
|
|
Elliptic curve: sect193r2 (0x0005)
|
|
|
Elliptic curve: secp192k1 (0x0012)
|
|
|
Elliptic curve: secp192r1 (0x0013)
|
|
|
Elliptic curve: sect163k1 (0x0001)
|
|
|
Elliptic curve: sect163r1 (0x0002)
|
|
|
Elliptic curve: sect163r2 (0x0003)
|
|
|
Elliptic curve: secp160k1 (0x000f)
|
|
|
Elliptic curve: secp160r1 (0x0010)
|
|
|
Elliptic curve: secp160r2 (0x0011)
|
|
|
Extension: Heartbeat
|
|
|
Type: Heartbeat (0x000f)
|
|
|
Length: 1
|
|
|
Mode: Peer allowed to send requests (1)
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 5
|
|
|
Data (5 bytes)</b>
|
|
|
</pre>
|
|
|
|
|
|
The server hello chooses the 0xc00a cipher suite. The certificate exchanged at this point includes no information about the service being used.
|
|
|
(dcf: I'm not familiar with this protocol. Check out how the first certificate has only a one-month validity period.)
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 104
|
|
|
Handshake Protocol: Server Hello
|
|
|
Handshake Type: Server Hello (2)
|
|
|
Length: 92
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 92
|
|
|
Version: DTLS 1.0 (0xfeff)
|
|
|
Random
|
|
|
<b> GMT Unix Time: Aug 12, 2005 06:36:11.000000000 PDT</b>
|
|
|
Random Bytes: da72433e51531543ee4e5c449700d9e055e912fc34fd5909...
|
|
|
Session ID Length: 32
|
|
|
Session ID (32 bytes)
|
|
|
<b> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)</b>
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 20
|
|
|
<b> Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 2
|
|
|
EC point formats Length: 1
|
|
|
Elliptic curves point formats (1)
|
|
|
EC point format: uncompressed (0)
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 5
|
|
|
Data (5 bytes)
|
|
|
Extension: renegotiation_info
|
|
|
Type: renegotiation_info (0xff01)
|
|
|
Length: 1
|
|
|
Renegotiation Info extension
|
|
|
Renegotiation info extension length: 0</b>
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 1
|
|
|
Length: 286
|
|
|
Handshake Protocol: Certificate
|
|
|
Handshake Type: Certificate (11)
|
|
|
Length: 274
|
|
|
Message Sequence: 1
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 274
|
|
|
Certificates Length: 271
|
|
|
Certificates (271 bytes)
|
|
|
Certificate Length: 268
|
|
|
Certificate (<b>id-at-commonName=2</b>)
|
|
|
signedCertificate
|
|
|
version: v3 (2)
|
|
|
serialNumber: 3260359887
|
|
|
signature (iso.2.840.10045.4.3.2)
|
|
|
Algorithm Id: 1.2.840.10045.4.3.2 (iso.2.840.10045.4.3.2)
|
|
|
issuer: rdnSequence (0)
|
|
|
rdnSequence: 1 item (id-at-commonName=2)
|
|
|
RDNSequence item: 1 item (id-at-commonName=2)
|
|
|
RelativeDistinguishedName item (id-at-commonName=2)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: 2
|
|
|
validity
|
|
|
notBefore: utcTime (0)
|
|
|
utcTime: 16-01-19 22:38:13 (UTC)
|
|
|
notAfter: utcTime (0)
|
|
|
utcTime: 16-02-19 22:38:13 (UTC)
|
|
|
subject: rdnSequence (0)
|
|
|
rdnSequence: 1 item (id-at-commonName=2)
|
|
|
RDNSequence item: 1 item (id-at-commonName=2)
|
|
|
RelativeDistinguishedName item (id-at-commonName=2)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: 2
|
|
|
subjectPublicKeyInfo
|
|
|
algorithm (id-ecPublicKey)
|
|
|
Algorithm Id: 1.2.840.10045.2.1 (id-ecPublicKey)
|
|
|
ECParameters: namedCurve (0)
|
|
|
namedCurve: 1.2.840.10045.3.1.7 (secp256r1)
|
|
|
Padding: 0
|
|
|
subjectPublicKey: 0453da6b9d9a4102960e077401f869db015bdaac4ce49a6c...
|
|
|
algorithmIdentifier (iso.2.840.10045.4.3.2)
|
|
|
Algorithm Id: 1.2.840.10045.4.3.2 (iso.2.840.10045.4.3.2)
|
|
|
Padding: 0
|
|
|
encrypted: 304502201062d3fb7b493022779e796399ab20442545c59a...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 2
|
|
|
Length: 154
|
|
|
Handshake Protocol: Server Key Exchange
|
|
|
Handshake Type: Server Key Exchange (12)
|
|
|
Length: 142
|
|
|
Message Sequence: 2
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 142
|
|
|
EC Diffie-Hellman Server Params
|
|
|
Curve Type: named_curve (0x03)
|
|
|
Named Curve: secp256r1 (0x0017)
|
|
|
Pubkey Length: 65
|
|
|
Pubkey: 04094aba540abe15421362f07eddab781d1f7e766ad5cb83...
|
|
|
Signature Length: 71
|
|
|
Signature: 304502202b2ec5c601f846c295af8033308a973f617f4f19...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate Request
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 3
|
|
|
Length: 18
|
|
|
Handshake Protocol: Certificate Request
|
|
|
Handshake Type: Certificate Request (13)
|
|
|
Length: 6
|
|
|
Message Sequence: 3
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 6
|
|
|
Certificate types count: 3
|
|
|
Certificate types (3 types)
|
|
|
Certificate type: RSA Sign (1)
|
|
|
Certificate type: ECDSA Sign (64)
|
|
|
Certificate type: DSS Sign (2)
|
|
|
Distinguished Names Length: 0
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 4
|
|
|
Length: 12
|
|
|
Handshake Protocol: Server Hello Done
|
|
|
Handshake Type: Server Hello Done (14)
|
|
|
Length: 0
|
|
|
Message Sequence: 4
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 0
|
|
|
</pre>
|
|
|
|
|
|
Then comes another certificate exchange, this time with a revealing certificate that describes the STUN server:
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 1
|
|
|
Length: 603
|
|
|
Handshake Protocol: Certificate
|
|
|
Handshake Type: Certificate (11)
|
|
|
Length: 591
|
|
|
Message Sequence: 1
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 591
|
|
|
Certificates Length: 588
|
|
|
Certificates (588 bytes)
|
|
|
Certificate Length: 585
|
|
|
Certificate (<b>id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US</b>)
|
|
|
signedCertificate
|
|
|
serialNumber: -267696997996496148
|
|
|
signature (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
issuer: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
validity
|
|
|
notBefore: utcTime (0)
|
|
|
utcTime: 14-07-30 18:41:44 (UTC)
|
|
|
notAfter: utcTime (0)
|
|
|
utcTime: 24-07-27 18:41:44 (UTC)
|
|
|
subject: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
subjectPublicKeyInfo
|
|
|
algorithm (rsaEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
|
|
|
Padding: 0
|
|
|
subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
|
|
|
algorithmIdentifier (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
Padding: 0
|
|
|
encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Client Key Exchange
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 2
|
|
|
Length: 78
|
|
|
Handshake Protocol: Client Key Exchange
|
|
|
Handshake Type: Client Key Exchange (16)
|
|
|
Length: 66
|
|
|
Message Sequence: 2
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 66
|
|
|
EC Diffie-Hellman Client Params
|
|
|
Pubkey Length: 65
|
|
|
<b> Pubkey: 04e587aa9837220da69673630735f557b15f0e1a84212555...</b>
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate Verify
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 3
|
|
|
Length: 142
|
|
|
Handshake Protocol: Certificate Verify
|
|
|
Handshake Type: Certificate Verify (15)
|
|
|
Length: 130
|
|
|
Message Sequence: 3
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 130
|
|
|
DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
|
|
|
Content Type: Change Cipher Spec (20)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 4
|
|
|
Length: 1
|
|
|
Change Cipher Spec Message
|
|
|
Record Layer
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 1
|
|
|
Sequence Number: 0
|
|
|
Length: 64
|
|
|
Handshake Protocol
|
|
|
</pre>
|
|
|
|
|
|
Then another client hello follows, with a different DTLS version (DTLSv1.2) and different cipher suites and hash algorithms. The ALPN extension also reveals WebRTC.
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.2 (0xfefd)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 152
|
|
|
Handshake Protocol: Client Hello
|
|
|
Handshake Type: Client Hello (1)
|
|
|
Length: 140
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 140
|
|
|
Version: DTLS 1.2 (0xfefd)
|
|
|
Random
|
|
|
<b> GMT Unix Time: Nov 7, 2055 01:44:02.000000000 PDT</b>
|
|
|
Random Bytes: c89aa6b07ee7a2ae228e132f8a9a32ae85de577e57c688ad...
|
|
|
Session ID Length: 0
|
|
|
Cookie Length: 0
|
|
|
Cipher Suites Length: 16
|
|
|
Cipher Suites (8 suites)
|
|
|
<b> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)</b>
|
|
|
Compression Methods Length: 1
|
|
|
Compression Methods (1 method)
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 82
|
|
|
<b> Extension: renegotiation_info
|
|
|
Type: renegotiation_info (0xff01)
|
|
|
Length: 1
|
|
|
Renegotiation Info extension
|
|
|
Renegotiation info extension length: 0
|
|
|
Extension: elliptic_curves
|
|
|
Type: elliptic_curves (0x000a)
|
|
|
Length: 8
|
|
|
Elliptic Curves Length: 6
|
|
|
Elliptic curves (3 curves)
|
|
|
Elliptic curve: secp256r1 (0x0017)
|
|
|
Elliptic curve: secp384r1 (0x0018)
|
|
|
Elliptic curve: secp521r1 (0x0019)
|
|
|
Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 2
|
|
|
EC point formats Length: 1
|
|
|
Elliptic curves point formats (1)
|
|
|
EC point format: uncompressed (0)
|
|
|
Extension: Application Layer Protocol Negotiation
|
|
|
Type: Application Layer Protocol Negotiation (0x0010)
|
|
|
Length: 18
|
|
|
ALPN Extension Length: 16
|
|
|
ALPN Protocol
|
|
|
ALPN string length: 6
|
|
|
<b> ALPN Next Protocol: webrtc</b>
|
|
|
ALPN string length: 8
|
|
|
<b> ALPN Next Protocol: c-webrtc</b>
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 7
|
|
|
Data (7 bytes)
|
|
|
Extension: signature_algorithms
|
|
|
Type: signature_algorithms (0x000d)
|
|
|
Length: 22
|
|
|
Signature Hash Algorithms Length: 20
|
|
|
Signature Hash Algorithms (10 algorithms)
|
|
|
Signature Hash Algorithm: 0x0401
|
|
|
Signature Hash Algorithm Hash: SHA256 (4)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0501
|
|
|
Signature Hash Algorithm Hash: SHA384 (5)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0601
|
|
|
Signature Hash Algorithm Hash: SHA512 (6)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0201
|
|
|
Signature Hash Algorithm Hash: SHA1 (2)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0403
|
|
|
Signature Hash Algorithm Hash: SHA256 (4)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0503
|
|
|
Signature Hash Algorithm Hash: SHA384 (5)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0603
|
|
|
Signature Hash Algorithm Hash: SHA512 (6)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0203
|
|
|
Signature Hash Algorithm Hash: SHA1 (2)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0402
|
|
|
Signature Hash Algorithm Hash: SHA256 (4)
|
|
|
Signature Hash Algorithm Signature: DSA (2)
|
|
|
Signature Hash Algorithm: 0x0202
|
|
|
Signature Hash Algorithm Hash: SHA1 (2)
|
|
|
Signature Hash Algorithm Signature: DSA (2)</b>
|
|
|
</pre>
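
Added example (not part of the original notes, and not the DTLS-fingerprint Bro script): a Python parser that pulls the identifying DTLS fields this page lists (version, cipher suites and extensions in order, curves, ALPN) out of a raw ClientHello record and counts the anon/EXPORT/NULL suites. The two inputs are rebuilt from the suite, curve and extension values in the client hello dissections above; the zeroed random, the use_srtp payloads and the fingerprint string format are assumptions made for this example.

```python
# Weak suite codes, taken from the 73-suite client hello dissected on this page.
ANON = {0xc019, 0x003a, 0x0089, 0xc018, 0x0034, 0x009b, 0x0046, 0xc017,
        0x001b, 0x001a, 0x0019, 0xc015}
EXPORT = {0x0014, 0x0011, 0x000e, 0x000b, 0x0019, 0x0008, 0x0006}
NULL = {0xc010, 0xc006, 0xc015, 0xc00b, 0xc001, 0x0002, 0x0001}

class Reader:
    """Bounds-checked cursor over bytes; a short read raises instead of truncating."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated input")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")
    def vector(self, len_bytes):  # length-prefixed field, returned as its own Reader
        return Reader(self.take(self.uint(len_bytes)))
    def left(self):
        return len(self.data) - self.pos
    def u16_list(self):
        return [self.uint(2) for _ in range(self.left() // 2)]

def parse_client_hello(record):
    """Return the fingerprintable fields of one unfragmented DTLS ClientHello record."""
    rec = Reader(record)
    if rec.uint(1) != 22:
        raise ValueError("not a handshake record")
    out = {"record_version": rec.uint(2)}
    rec.take(8)                      # epoch (2) + sequence number (6)
    hs = rec.vector(2)               # record payload
    if hs.uint(1) != 1:
        raise ValueError("not a ClientHello")
    length, _seq, frag_off, frag_len = hs.uint(3), hs.uint(2), hs.uint(3), hs.uint(3)
    if frag_off != 0 or frag_len != length:
        raise ValueError("fragmented ClientHello is not handled")
    body = Reader(hs.take(length))
    out["hello_version"] = body.uint(2)
    body.take(32)                    # random
    body.vector(1), body.vector(1)   # session id, then the DTLS-only cookie
    out["suites"] = body.vector(2).u16_list()
    body.vector(1)                   # compression methods
    out["extensions"], out["curves"], out["alpn"] = [], [], []
    exts = body.vector(2) if body.left() else Reader(b"")
    while exts.left():
        etype, edata = exts.uint(2), exts.vector(2)
        out["extensions"].append(etype)
        if etype == 0x000a:          # elliptic_curves
            out["curves"] = edata.vector(2).u16_list()
        elif etype == 0x0010:        # ALPN
            names = edata.vector(2)
            while names.left():
                out["alpn"].append(names.vector(1).data.decode("ascii", "replace"))
    return out

def fingerprint(h):
    """Order-preserving summary string (ad hoc format, an assumption of this example)."""
    join = lambda xs: "-".join(f"{x:04x}" for x in xs)
    return ",".join([f"{h['hello_version']:04x}", join(h["suites"]),
                     join(h["extensions"]), join(h["curves"])])

def weak_suites(h):
    """Offered suites that are anonymous, EXPORT-grade or NULL-encryption."""
    return [s for s in h["suites"] if s in ANON | EXPORT | NULL]

def build_client_hello(version, suites_hex, extensions):
    """Assemble a ClientHello record as constructed test input (random is all zeros)."""
    ext = b"".join(t.to_bytes(2, "big") + len(d).to_bytes(2, "big") + d
                   for t, d in ((t, bytes.fromhex(h)) for t, h in extensions))
    cs = bytes.fromhex(suites_hex)
    body = (version.to_bytes(2, "big") + bytes(32) + b"\x00\x00" + len(cs).to_bytes(2, "big")
            + cs + b"\x01\x00" + len(ext).to_bytes(2, "big") + ext)
    n = len(body).to_bytes(3, "big")
    hs = b"\x01" + n + b"\x00\x00" + bytes(3) + n + body
    return b"\x16" + version.to_bytes(2, "big") + bytes(8) + len(hs).to_bytes(2, "big") + hs

# Suite, curve and extension codes are copied from the two client hellos dissected above.
# The use_srtp payloads are constructed: the page shows only their lengths (5 and 7 bytes).
FIRST_SUITES = (
    "c014 c00a 0039 0038 0037 0036 0088 0087 0086 0085 c019 003a 0089 c00f c005 "
    "0035 0084 c013 c009 0033 0032 0031 0030 009a 0099 0098 0097 0045 0044 0043 "
    "0042 c018 0034 009b 0046 c00e c004 002f 0096 0041 0007 c012 c008 0016 0013 "
    "0010 000d c017 001b c00d c003 000a 0015 0012 000f 000c 001a 0009 0014 0011 "
    "000e 000b 0019 0008 0006 c010 c006 c015 c00b c001 0002 0001 00ff")
CURVES = (
    "000e 000d 0019 001c 000b 000c 001b 0018 0009 000a 001a 0016 0017 0008 "
    "0006 0007 0014 0015 0004 0005 0012 0013 0001 0002 0003 000f 0010 0011")
FIRST_HELLO = build_client_hello(0xfeff, FIRST_SUITES, [
    (0x000b, "03000102"), (0x000a, "0038" + CURVES), (0x000f, "01"), (0x000e, "0002000100")])
SECOND_HELLO = build_client_hello(0xfefd, "c02b c02f c00a c009 c013 c014 0033 0039", [
    (0xff01, "00"), (0x000a, "0006 0017 0018 0019"), (0x000b, "0100"),
    (0x0010, "0010 06" + b"webrtc".hex() + "08" + b"c-webrtc".hex()), (0x000e, "00040001000200"),
    (0x000d, "0014 0401 0501 0601 0201 0403 0503 0603 0203 0402 0202")])

if __name__ == "__main__":
    for rec in (FIRST_HELLO, SECOND_HELLO):
        print(fingerprint(parse_client_hello(rec)))
```
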
|
|
|
|
|
|
The server selects a different cipher suite:
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 74
|
|
|
Handshake Protocol: Server Hello
|
|
|
Handshake Type: Server Hello (2)
|
|
|
Length: 62
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 62
|
|
|
Version: DTLS 1.0 (0xfeff)
|
|
|
Random
|
|
|
<b> GMT Unix Time: Jan 15, 2091 20:41:00.000000000 PST</b>
|
|
|
Random Bytes: 6114446e461d87fb0431cf4cd8273d15072b66c0ed52bb40...
|
|
|
Session ID Length: 0
|
|
|
<b> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)</b>
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 22
|
|
|
<b> Extension: renegotiation_info
|
|
|
Type: renegotiation_info (0xff01)
|
|
|
Length: 1
|
|
|
Renegotiation Info extension
|
|
|
Renegotiation info extension length: 0
|
|
|
Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 4
|
|
|
EC point formats Length: 3
|
|
|
Elliptic curves point formats (3)
|
|
|
EC point format: uncompressed (0)
|
|
|
EC point format: ansiX962_compressed_prime (1)
|
|
|
EC point format: ansiX962_compressed_char2 (2)
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 5
|
|
|
Data (5 bytes)</b>
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 1
|
|
|
Length: 603
|
|
|
Handshake Protocol: Certificate
|
|
|
Handshake Type: Certificate (11)
|
|
|
Length: 591
|
|
|
Message Sequence: 1
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 591
|
|
|
Certificates Length: 588
|
|
|
Certificates (588 bytes)
|
|
|
Certificate Length: 585
|
|
|
Certificate (<b>id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US</b>)
|
|
|
signedCertificate
|
|
|
serialNumber: -267696997996496148
|
|
|
signature (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
issuer: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
validity
|
|
|
notBefore: utcTime (0)
|
|
|
utcTime: 14-07-30 18:41:44 (UTC)
|
|
|
notAfter: utcTime (0)
|
|
|
utcTime: 24-07-27 18:41:44 (UTC)
|
|
|
subject: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
subjectPublicKeyInfo
|
|
|
algorithm (rsaEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
|
|
|
Padding: 0
|
|
|
subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
|
|
|
algorithmIdentifier (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
Padding: 0
|
|
|
encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 2
|
|
|
Length: 211
|
|
|
Handshake Protocol: Server Key Exchange
|
|
|
Handshake Type: Server Key Exchange (12)
|
|
|
Length: 199
|
|
|
Message Sequence: 2
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 199
|
|
|
EC Diffie-Hellman Server Params
|
|
|
Curve Type: named_curve (0x03)
|
|
|
Named Curve: secp256r1 (0x0017)
|
|
|
Pubkey Length: 65
|
|
|
<b> Pubkey: 04ccbb0e527b32a548a5d60c4ed0dedafeb9f7dd501fafa5...</b>
|
|
|
Signature Length: 128
|
|
|
Signature: 60f3f0251e1147924af3d54ba0d6ff698fb8528ac8bbad1c...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
|
|
|
Content Type: Handshake (22)
|
|
|
<b> Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 3
|
|
|
Length: 12
|
|
|
Handshake Protocol: Server Hello Done
|
|
|
Handshake Type: Server Hello Done (14)
|
|
|
Length: 0
|
|
|
Message Sequence: 3
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 0
|
|
|
</pre>
|
|
|
|
|
|
#### Chrome
|
|
|
|
|
|
Same 73 trash cipher suites, same 28 ECs as Firefox.
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 284
|
|
|
Handshake Protocol: Client Hello
|
|
|
Handshake Type: Client Hello (1)
|
|
|
Length: 272
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 272
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Random
|
|
|
<b>GMT Unix Time: Jun 30, 2096 12:59:49.000000000 PDT</b>
|
|
|
Random Bytes: 6626d676c93f15cdc4d3ddf9d22bac7de556b7d9cc5c8768...
|
|
|
Session ID Length: 0
|
|
|
Cookie Length: 0
|
|
|
Cipher Suites Length: 146
|
|
|
<b> Cipher Suites (73 suites)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
|
|
|
Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (0x0089)
|
|
|
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
|
|
|
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
|
|
|
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
|
|
|
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
|
|
|
Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA (0x009b)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (0x0046)
|
|
|
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
|
|
|
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
|
|
|
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
|
|
|
Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
|
|
|
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
|
|
|
Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
|
|
|
Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x001b)
|
|
|
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
|
|
|
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
|
|
|
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
|
|
|
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
|
|
|
Cipher Suite: TLS_DH_RSA_WITH_DES_CBC_SHA (0x000f)
|
|
|
Cipher Suite: TLS_DH_DSS_WITH_DES_CBC_SHA (0x000c)
|
|
|
Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA (0x001a)
|
|
|
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
|
|
|
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
|
|
|
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
|
|
|
Cipher Suite: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000e)
|
|
|
Cipher Suite: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA (0x000b)
|
|
|
Cipher Suite: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x0019)
|
|
|
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
|
|
|
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006)
|
|
|
Cipher Suite: TLS_ECDH_anon_WITH_NULL_SHA (0xc015)
|
|
|
Cipher Suite: TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b)
|
|
|
Cipher Suite: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001)
|
|
|
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
|
|
|
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
|
|
|
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)</b>
|
|
|
Compression Methods Length: 1
|
|
|
Compression Methods (1 method)
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 84
|
|
|
<b> Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 4
|
|
|
EC point formats Length: 3
|
|
|
Elliptic curves point formats (3)
|
|
|
EC point format: uncompressed (0)
|
|
|
EC point format: ansiX962_compressed_prime (1)
|
|
|
EC point format: ansiX962_compressed_char2 (2)
|
|
|
Extension: elliptic_curves
|
|
|
Type: elliptic_curves (0x000a)
|
|
|
Length: 58
|
|
|
Elliptic Curves Length: 56
|
|
|
Elliptic curves (28 curves)
|
|
|
Elliptic curve: sect571r1 (0x000e)
|
|
|
Elliptic curve: sect571k1 (0x000d)
|
|
|
Elliptic curve: secp521r1 (0x0019)
|
|
|
Elliptic curve: brainpoolP512r1 (0x001c)
|
|
|
Elliptic curve: sect409k1 (0x000b)
|
|
|
Elliptic curve: sect409r1 (0x000c)
|
|
|
Elliptic curve: brainpoolP384r1 (0x001b)
|
|
|
Elliptic curve: secp384r1 (0x0018)
|
|
|
Elliptic curve: sect283k1 (0x0009)
|
|
|
Elliptic curve: sect283r1 (0x000a)
|
|
|
Elliptic curve: brainpoolP256r1 (0x001a)
|
|
|
Elliptic curve: secp256k1 (0x0016)
|
|
|
Elliptic curve: secp256r1 (0x0017)
|
|
|
Elliptic curve: sect239k1 (0x0008)
|
|
|
Elliptic curve: sect233k1 (0x0006)
|
|
|
Elliptic curve: sect233r1 (0x0007)
|
|
|
Elliptic curve: secp224k1 (0x0014)
|
|
|
Elliptic curve: secp224r1 (0x0015)
|
|
|
Elliptic curve: sect193r1 (0x0004)
|
|
|
Elliptic curve: sect193r2 (0x0005)
|
|
|
Elliptic curve: secp192k1 (0x0012)
|
|
|
Elliptic curve: secp192r1 (0x0013)
|
|
|
Elliptic curve: sect163k1 (0x0001)
|
|
|
Elliptic curve: sect163r1 (0x0002)
|
|
|
Elliptic curve: sect163r2 (0x0003)
|
|
|
Elliptic curve: secp160k1 (0x000f)
|
|
|
Elliptic curve: secp160r1 (0x0010)
|
|
|
Elliptic curve: secp160r2 (0x0011)
|
|
|
Extension: Heartbeat
|
|
|
Type: Heartbeat (0x000f)
|
|
|
Length: 1
|
|
|
Mode: Peer allowed to send requests (1)
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 5
|
|
|
Data (5 bytes)</b>
|
|
|
</pre>
|
|
|
|
|
|
Here the certificate has id-at-commonName=WebRTC instead of id-at-commonName=2. This cert is also only valid for 1 month.
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 104
|
|
|
Handshake Protocol: Server Hello
|
|
|
Handshake Type: Server Hello (2)
|
|
|
Length: 92
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 92
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Random
|
|
|
GMT Unix Time: Jan 28, 2016 16:18:35.000000000 PST
|
|
|
Random Bytes: 141ae34bdea56488368a8d586f8224d4c0522145b26873d1...
|
|
|
Session ID Length: 32
|
|
|
Session ID (32 bytes)
|
|
|
<b>Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)</b>
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 20
|
|
|
<b>Extension: renegotiation_info
|
|
|
Type: renegotiation_info (0xff01)
|
|
|
Length: 1
|
|
|
Renegotiation Info extension
|
|
|
Renegotiation info extension length: 0
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 5
|
|
|
Data (5 bytes)
|
|
|
Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 2
|
|
|
EC point formats Length: 1
|
|
|
Elliptic curves point formats (1)
|
|
|
EC point format: uncompressed (0)</b>
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
|
|
|
Content Type: Handshake (22)
|
|
|
Version: DTLS 1.0 (0xfeff)
|
|
|
Epoch: 0
|
|
|
Sequence Number: 1
|
|
|
Length: 431
|
|
|
Handshake Protocol: Certificate
|
|
|
Handshake Type: Certificate (11)
|
|
|
Length: 419
|
|
|
Message Sequence: 1
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 419
|
|
|
Certificates Length: 416
|
|
|
Certificates (416 bytes)
|
|
|
Certificate Length: 413
|
|
|
Certificate (id-at-commonName=WebRTC)
|
|
|
signedCertificate
|
|
|
version: v3 (2)
|
|
|
serialNumber: 1600761351
|
|
|
signature (sha256WithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
|
|
|
issuer: rdnSequence (0)
|
|
|
rdnSequence: 1 item (<b>id-at-commonName=WebRTC</b>)
|
|
|
RDNSequence item: 1 item (id-at-commonName=WebRTC)
|
|
|
RelativeDistinguishedName item (id-at-commonName=WebRTC)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: uTF8String (4)
|
|
|
uTF8String: WebRTC
|
|
|
validity
|
|
|
notBefore: utcTime (0)
|
|
|
utcTime: 16-01-22 23:00:39 (UTC)
|
|
|
notAfter: utcTime (0)
|
|
|
utcTime: 16-02-21 23:00:39 (UTC)
|
|
|
subject: rdnSequence (0)
|
|
|
rdnSequence: 1 item (id-at-commonName=WebRTC)
|
|
|
RDNSequence item: 1 item (id-at-commonName=WebRTC)
|
|
|
RelativeDistinguishedName item (id-at-commonName=WebRTC)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: uTF8String (4)
|
|
|
uTF8String: WebRTC
|
|
|
subjectPublicKeyInfo
|
|
|
algorithm (rsaEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
|
|
|
Padding: 0
|
|
|
subjectPublicKey: 30818902818100cb7a64ace273bdce8358b860e9c3659272...
|
|
|
algorithmIdentifier (sha256WithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
|
|
|
Padding: 0
|
|
|
encrypted: 9bb28422e2424f334a3a7e67a1c35387df1ccfef88d05e71...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 2
|
|
|
Length: 211
|
|
|
Handshake Protocol: Server Key Exchange
|
|
|
Handshake Type: Server Key Exchange (12)
|
|
|
Length: 199
|
|
|
Message Sequence: 2
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 199
|
|
|
EC Diffie-Hellman Server Params
|
|
|
Curve Type: named_curve (0x03)
|
|
|
Named Curve: secp256r1 (0x0017)
|
|
|
Pubkey Length: 65
|
|
|
<b>Pubkey: 04b23c336a69f95437e43fbd56ff05508ac8262422c30f42...</b>
|
|
|
Signature Length: 128
|
|
|
Signature: 6407311ad3f584629405e0f7320dcee94835df8f3333297c...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate Request
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 3
|
|
|
Length: 17
|
|
|
Handshake Protocol: Certificate Request
|
|
|
Handshake Type: Certificate Request (13)
|
|
|
Length: 5
|
|
|
Message Sequence: 3
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 5
|
|
|
Certificate types count: 2
|
|
|
Certificate types (2 types)
|
|
|
Certificate type: RSA Sign (1)
|
|
|
Certificate type: ECDSA Sign (64)
|
|
|
Distinguished Names Length: 0
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 4
|
|
|
Length: 12
|
|
|
Handshake Protocol: Server Hello Done
|
|
|
Handshake Type: Server Hello Done (14)
|
|
|
Length: 0
|
|
|
Message Sequence: 4
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 0
|
|
|
</pre>
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 1
|
|
|
Length: 603
|
|
|
Handshake Protocol: Certificate
|
|
|
Handshake Type: Certificate (11)
|
|
|
Length: 591
|
|
|
Message Sequence: 1
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 591
|
|
|
Certificates Length: 588
|
|
|
Certificates (588 bytes)
|
|
|
Certificate Length: 585
|
|
|
Certificate (<b>id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox</b>,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
signedCertificate
|
|
|
serialNumber: -267696997996496148
|
|
|
signature (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
issuer: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
validity
|
|
|
notBefore: utcTime (0)
|
|
|
utcTime: 14-07-30 18:41:44 (UTC)
|
|
|
notAfter: utcTime (0)
|
|
|
utcTime: 24-07-27 18:41:44 (UTC)
|
|
|
subject: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
subjectPublicKeyInfo
|
|
|
algorithm (rsaEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
|
|
|
Padding: 0
|
|
|
subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
|
|
|
algorithmIdentifier (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
Padding: 0
|
|
|
encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Client Key Exchange
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 2
|
|
|
Length: 78
|
|
|
Handshake Protocol: Client Key Exchange
|
|
|
Handshake Type: Client Key Exchange (16)
|
|
|
Length: 66
|
|
|
Message Sequence: 2
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 66
|
|
|
EC Diffie-Hellman Client Params
|
|
|
Pubkey Length: 65
|
|
|
Pubkey: 04c620ebe617992b983ec14eee36e0bbf18f1932c4ba26a0...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate Verify
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 3
|
|
|
Length: 142
|
|
|
Handshake Protocol: Certificate Verify
|
|
|
Handshake Type: Certificate Verify (15)
|
|
|
Length: 130
|
|
|
Message Sequence: 3
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 130
|
|
|
DTLSv1.0 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
|
|
|
Content Type: Change Cipher Spec (20)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 4
|
|
|
Length: 1
|
|
|
Change Cipher Spec Message
|
|
|
Record Layer
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 1
|
|
|
Sequence Number: 0
|
|
|
Length: 64
|
|
|
Handshake Protocol
|
|
|
</pre>
|
|
|
|
|
|
Second client hello. Weirdly, the first part of the packet says DTLS 1.0, while the second part says DTLS 1.2. Notice how the extensions differ from those in the Firefox client hello.
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Client Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 150
|
|
|
Handshake Protocol: Client Hello
|
|
|
Handshake Type: Client Hello (1)
|
|
|
Length: 138
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 138
|
|
|
<b>Version: DTLS 1.2 (0xfefd)</b>
|
|
|
Random
|
|
|
<b>GMT Unix Time: Sep 8, 1991 05:05:34.000000000 PDT</b>
|
|
|
Random Bytes: 367c6923a9da9b0f08ec82bcb97b8097011b4e167408fa88...
|
|
|
Session ID Length: 0
|
|
|
Cookie Length: 0
|
|
|
Cipher Suites Length: 30
|
|
|
<b>Cipher Suites (15 suites)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
|
|
|
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
|
|
|
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
|
|
|
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
|
|
|
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
|
|
|
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
|
|
|
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
|
|
|
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)</b>
|
|
|
Compression Methods Length: 1
|
|
|
Compression Methods (1 method)
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 66
|
|
|
<b>Extension: renegotiation_info
|
|
|
Type: renegotiation_info (0xff01)
|
|
|
Length: 1
|
|
|
Renegotiation Info extension
|
|
|
Renegotiation info extension length: 0
|
|
|
<b>Extension: Unknown 23
|
|
|
Type: Unknown (0x0017)
|
|
|
Length: 0
|
|
|
Data (0 bytes)</b>
|
|
|
Extension: SessionTicket TLS
|
|
|
Type: SessionTicket TLS (0x0023)
|
|
|
Length: 0
|
|
|
Data (0 bytes)
|
|
|
Extension: signature_algorithms
|
|
|
Type: signature_algorithms (0x000d)
|
|
|
Length: 22
|
|
|
Signature Hash Algorithms Length: 20
|
|
|
Signature Hash Algorithms (10 algorithms)
|
|
|
Signature Hash Algorithm: 0x0601
|
|
|
Signature Hash Algorithm Hash: SHA512 (6)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0603
|
|
|
Signature Hash Algorithm Hash: SHA512 (6)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0501
|
|
|
Signature Hash Algorithm Hash: SHA384 (5)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0503
|
|
|
Signature Hash Algorithm Hash: SHA384 (5)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0401
|
|
|
Signature Hash Algorithm Hash: SHA256 (4)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0403
|
|
|
Signature Hash Algorithm Hash: SHA256 (4)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0301
|
|
|
Signature Hash Algorithm Hash: SHA224 (3)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0303
|
|
|
Signature Hash Algorithm Hash: SHA224 (3)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Signature Hash Algorithm: 0x0201
|
|
|
Signature Hash Algorithm Hash: SHA1 (2)
|
|
|
Signature Hash Algorithm Signature: RSA (1)
|
|
|
Signature Hash Algorithm: 0x0203
|
|
|
Signature Hash Algorithm Hash: SHA1 (2)
|
|
|
Signature Hash Algorithm Signature: ECDSA (3)
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 7
|
|
|
Data (7 bytes)
|
|
|
Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 2
|
|
|
EC point formats Length: 1
|
|
|
Elliptic curves point formats (1)
|
|
|
EC point format: uncompressed (0)
|
|
|
Extension: elliptic_curves
|
|
|
Type: elliptic_curves (0x000a)
|
|
|
Length: 6
|
|
|
Elliptic Curves Length: 4
|
|
|
Elliptic curves (2 curves)
|
|
|
Elliptic curve: secp256r1 (0x0017)
|
|
|
Elliptic curve: secp384r1 (0x0018)</b>
|
|
|
</pre>
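The ClientHello above reduced to the features this page lists as identifying (record and hello versions, cipher suite order, extension order), as an added example that is not part of the original notes. The packet is rebuilt from the dissected field values; the 32 random bytes and the 7 bytes of use_srtp data are not shown in full on the page and are zero placeholders, and all function names are this example's own.

```python
import struct

# Extension order of the first ClientHello dissected earlier in this section:
# ec_point_formats, elliptic_curves, Heartbeat, use_srtp.
FIRST_HELLO_EXTENSIONS = [0x000B, 0x000A, 0x000F, 0x000E]


def _vec(data, off, len_bytes):
    """Read a length-prefixed vector; return (payload, offset after it)."""
    if off + len_bytes > len(data):
        raise ValueError("truncated length field")
    n = int.from_bytes(data[off:off + len_bytes], "big")
    start = off + len_bytes
    if start + n > len(data):
        raise ValueError("vector overruns message")
    return data[start:start + n], start + n


def parse_dtls_client_hello(pkt):
    """Extract version, cipher suite and extension order from one UDP payload."""
    if len(pkt) < 25:
        raise ValueError("too short for DTLS record and handshake headers")
    ctype, rec_ver, _epoch = struct.unpack("!BHH", pkt[:5])
    rec_len = int.from_bytes(pkt[11:13], "big")
    hs_type, hs_len = pkt[13], int.from_bytes(pkt[14:17], "big")
    frag_off = int.from_bytes(pkt[19:22], "big")
    frag_len = int.from_bytes(pkt[22:25], "big")
    if ctype != 22 or hs_type != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    if frag_off != 0 or frag_len != hs_len or len(pkt) < 13 + rec_len:
        raise ValueError("fragmented or truncated ClientHello")
    body = pkt[25:25 + hs_len]
    if len(body) != hs_len or hs_len < 34:
        raise ValueError("handshake body shorter than its length field")
    hello_ver = int.from_bytes(body[:2], "big")
    off = 2 + 32                           # skip client_version and random
    _sid, off = _vec(body, off, 1)         # session id
    _cookie, off = _vec(body, off, 1)      # DTLS cookie (absent in TLS)
    suites_raw, off = _vec(body, off, 2)
    _comp, off = _vec(body, off, 1)
    exts = []
    if off < len(body):
        ext_raw, off = _vec(body, off, 2)
        p = 0
        while p < len(ext_raw):
            exts.append(int.from_bytes(ext_raw[p:p + 2], "big"))
            _data, p = _vec(ext_raw, p + 2, 2)
    suites = [int.from_bytes(suites_raw[i:i + 2], "big")
              for i in range(0, len(suites_raw), 2)]
    return {"record_version": rec_ver, "hello_version": hello_ver,
            "record_length": rec_len, "handshake_length": hs_len,
            "cipher_suites": suites, "extensions": exts}


def fingerprint(h):
    """Order-preserving string: versions, then suites, then extension types."""
    hx = lambda xs: "-".join(format(x, "04x") for x in xs)
    return ",".join([format(h["record_version"], "04x"),
                     format(h["hello_version"], "04x"),
                     hx(h["cipher_suites"]), hx(h["extensions"])])


def extension_diff(a, b):
    """Which extension types differ, and whether shared ones keep their order."""
    return {"only_a": [t for t in a if t not in b],
            "only_b": [t for t in b if t not in a],
            "same_relative_order":
                [t for t in a if t in b] == [t for t in b if t in a]}


def build_client_hello(rec_ver, hello_ver, suites, exts, random=bytes(32)):
    """Serialize an unfragmented ClientHello with empty session id and cookie."""
    ext_raw = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (struct.pack("!H", hello_ver) + random + b"\x00\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                  # one compression method: null
            + struct.pack("!H", len(ext_raw)) + ext_raw)
    n = len(body).to_bytes(3, "big")
    hs = b"\x01" + n + b"\x00\x00" + b"\x00\x00\x00" + n
    rec = (struct.pack("!BHH", 22, rec_ver, 0) + bytes(6)
           + struct.pack("!H", len(hs) + len(body)))
    return rec + hs + body


def sample_second_client_hello():
    """The second ClientHello above, rebuilt from its dissected fields."""
    suites = [0xC02B, 0xC02F, 0x009E, 0xCC14, 0xCC13, 0xC00A, 0xC014, 0x0039,
              0xC009, 0xC013, 0x0033, 0x009C, 0x0035, 0x002F, 0x000A]
    sig_algs = bytes.fromhex("0601060305010503040104030301030302010203")
    exts = [(0xFF01, b"\x00"),             # renegotiation_info
            (0x0017, b""),                 # "Unknown 23": extended_master_secret
            (0x0023, b""),                 # SessionTicket TLS
            (0x000D, struct.pack("!H", 20) + sig_algs),
            (0x000E, bytes(7)),            # use_srtp, placeholder content
            (0x000B, b"\x01\x00"),         # ec_point_formats: uncompressed
            (0x000A, bytes.fromhex("000400170018"))]
    return build_client_hello(0xFEFF, 0xFEFD, suites, exts)


if __name__ == "__main__":
    hello = parse_dtls_client_hello(sample_second_client_hello())
    print(fingerprint(hello))
    print(extension_diff(hello["extensions"], FIRST_HELLO_EXTENSIONS))
```

The rebuilt packet reproduces the lengths Wireshark reports above (record 150, handshake 138), which is a quick check that no field of the dissection was dropped.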
|
|
|
|
|
|
<pre>
|
|
|
Datagram Transport Layer Security
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 0
|
|
|
Length: 74
|
|
|
Handshake Protocol: Server Hello
|
|
|
Handshake Type: Server Hello (2)
|
|
|
Length: 62
|
|
|
Message Sequence: 0
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 62
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Random
|
|
|
<b>GMT Unix Time: Nov 25, 2010 18:01:53.000000000 PST</b>
|
|
|
Random Bytes: ebde5bdcdd5dc0110ac8785585c210e1ee15e0a459d0d6c4...
|
|
|
Session ID Length: 0
|
|
|
<b>Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)</b>
|
|
|
Compression Method: null (0)
|
|
|
Extensions Length: 22
|
|
|
<b>Extension: renegotiation_info
|
|
|
Type: renegotiation_info (0xff01)
|
|
|
Length: 1
|
|
|
Renegotiation Info extension
|
|
|
Renegotiation info extension length: 0
|
|
|
Extension: ec_point_formats
|
|
|
Type: ec_point_formats (0x000b)
|
|
|
Length: 4
|
|
|
EC point formats Length: 3
|
|
|
Elliptic curves point formats (3)
|
|
|
EC point format: uncompressed (0)
|
|
|
EC point format: ansiX962_compressed_prime (1)
|
|
|
EC point format: ansiX962_compressed_char2 (2)
|
|
|
Extension: use_srtp
|
|
|
Type: use_srtp (0x000e)
|
|
|
Length: 5
|
|
|
Data (5 bytes)</b>
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Certificate
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 1
|
|
|
Length: 603
|
|
|
Handshake Protocol: Certificate
|
|
|
Handshake Type: Certificate (11)
|
|
|
Length: 591
|
|
|
Message Sequence: 1
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 591
|
|
|
Certificates Length: 588
|
|
|
Certificates (588 bytes)
|
|
|
Certificate Length: 585
|
|
|
Certificate (<b>id-at-commonName=mantis.tokbox.com</b>,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
signedCertificate
|
|
|
serialNumber: -267696997996496148
|
|
|
signature (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
issuer: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
validity
|
|
|
notBefore: utcTime (0)
|
|
|
utcTime: 14-07-30 18:41:44 (UTC)
|
|
|
notAfter: utcTime (0)
|
|
|
utcTime: 24-07-27 18:41:44 (UTC)
|
|
|
subject: rdnSequence (0)
|
|
|
rdnSequence: 5 items (id-at-commonName=mantis.tokbox.com,id-at-organizationName=Tokbox,id-at-localityName=San Francisco,id-at-stateOrProvinceName=California,id-at-countryName=US)
|
|
|
RDNSequence item: 1 item (id-at-countryName=US)
|
|
|
RelativeDistinguishedName item (id-at-countryName=US)
|
|
|
Id: 2.5.4.6 (id-at-countryName)
|
|
|
CountryName: US
|
|
|
RDNSequence item: 1 item (id-at-stateOrProvinceName=California)
|
|
|
RelativeDistinguishedName item (id-at-stateOrProvinceName=California)
|
|
|
Id: 2.5.4.8 (id-at-stateOrProvinceName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: California
|
|
|
RDNSequence item: 1 item (id-at-localityName=San Francisco)
|
|
|
RelativeDistinguishedName item (id-at-localityName=San Francisco)
|
|
|
Id: 2.5.4.7 (id-at-localityName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: San Francisco
|
|
|
RDNSequence item: 1 item (id-at-organizationName=Tokbox)
|
|
|
RelativeDistinguishedName item (id-at-organizationName=Tokbox)
|
|
|
Id: 2.5.4.10 (id-at-organizationName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: Tokbox
|
|
|
RDNSequence item: 1 item (id-at-commonName=mantis.tokbox.com)
|
|
|
RelativeDistinguishedName item (id-at-commonName=mantis.tokbox.com)
|
|
|
Id: 2.5.4.3 (id-at-commonName)
|
|
|
DirectoryString: printableString (1)
|
|
|
printableString: mantis.tokbox.com
|
|
|
subjectPublicKeyInfo
|
|
|
algorithm (rsaEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
|
|
|
Padding: 0
|
|
|
subjectPublicKey: 30818902818100bea2170f27caed5cf16dc53f909932b869...
|
|
|
algorithmIdentifier (shaWithRSAEncryption)
|
|
|
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
|
|
|
Padding: 0
|
|
|
encrypted: ae89516a687d33a7ec9c75a66921bca1ae0e7e60586c58e2...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Key Exchange
|
|
|
Content Type: Handshake (22)
|
|
|
Version: DTLS 1.0 (0xfeff)
|
|
|
Epoch: 0
|
|
|
Sequence Number: 2
|
|
|
Length: 211
|
|
|
Handshake Protocol: Server Key Exchange
|
|
|
Handshake Type: Server Key Exchange (12)
|
|
|
Length: 199
|
|
|
Message Sequence: 2
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 199
|
|
|
EC Diffie-Hellman Server Params
|
|
|
Curve Type: named_curve (0x03)
|
|
|
Named Curve: secp256r1 (0x0017)
|
|
|
Pubkey Length: 65
|
|
|
<b>Pubkey: 0428bd3b98a7f80c4a8c276ed24a437f835e1c42e6cc61ad...</b>
|
|
|
Signature Length: 128
|
|
|
Signature: 93f2b2753ecb4a80048b2e21826925e6ea7c46e1bd99769f...
|
|
|
DTLSv1.0 Record Layer: Handshake Protocol: Server Hello Done
|
|
|
Content Type: Handshake (22)
|
|
|
<b>Version: DTLS 1.0 (0xfeff)</b>
|
|
|
Epoch: 0
|
|
|
Sequence Number: 3
|
|
|
Length: 12
|
|
|
Handshake Protocol: Server Hello Done
|
|
|
Handshake Type: Server Hello Done (14)
|
|
|
Length: 0
|
|
|
Message Sequence: 3
|
|
|
Fragment Offset: 0
|
|
|
Fragment Length: 0
|
|
|
</pre>
|
|
|
|
|
|
### STUN
|
|
|
|
|
|
#### Binding Requests
|
|
|
|
|
|
Here is the binding request, the first STUN packet. The fingerprint and transaction ID are potential identifying features:
|
|
|
<pre>
|
|
|
Session Traversal Utilities for NAT
|
|
|
Message Type: 0x0001 (Binding Request)
|
|
|
.... ...0 ...0 .... = Message Class: 0x0000
|
|
|
[Request (0)]
|
|
|
..00 000. 000. 0001 = Message Method: 0x0001
|
|
|
[Binding (0x001)]
|
|
|
..0. .... .... .... = Message Method Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Message Length: 8
|
|
|
Message Cookie: 2112a442
|
|
|
Message Transaction ID: 1ea1d16f0e1794e75c98f212
|
|
|
<b> Attributes
|
|
|
FINGERPRINT
|
|
|
Attribute Type: FINGERPRINT (0x8028)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 4
|
|
|
CRC-32: 0x58615c53</b>
|
|
|
</pre>
|
|
|
|
|
|
And here is the binding success response, coming from the STUN server to the client:
|
|
|
|
|
|
<pre>
|
|
|
Session Traversal Utilities for NAT
|
|
|
Message Type: 0x0101 (Binding Success Response)
|
|
|
.... ...1 ...0 .... = Message Class: 0x0010
|
|
|
[Success Response (2)]
|
|
|
..00 000. 000. 0001 = Message Method: 0x0001
|
|
|
[Binding (0x001)]
|
|
|
..0. .... .... .... = Message Method Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Message Length: 80
|
|
|
Message Cookie: 2112a442
|
|
|
Message Transaction ID: 1ea1d16f0e1794e75c98f212
|
|
|
Attributes
|
|
|
<b> XOR-MAPPED-ADDRESS: 192.0.2.10:38645
|
|
|
Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 8
|
|
|
Reserved: 00
|
|
|
Protocol Family: IPv4 (0x01)
|
|
|
Port (XOR-d): b7e7
|
|
|
[Port: 38645]
|
|
|
IP (XOR-d): 83fcba14
|
|
|
[IP: 192.0.2.10 (192.0.2.10)]
|
|
|
MAPPED-ADDRESS: 192.0.2.10:38645
|
|
|
Attribute Type: MAPPED-ADDRESS (0x0001)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 8
|
|
|
Reserved: 00
|
|
|
Protocol Family: IPv4 (0x01)
|
|
|
Port: 38645
|
|
|
IP: 192.0.2.10 (192.0.2.10)
|
|
|
RESPONSE-ORIGIN: 74.201.205.43:3478
|
|
|
Attribute Type: RESPONSE-ORIGIN (0x802b)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 8
|
|
|
Reserved: 00
|
|
|
Protocol Family: IPv4 (0x01)
|
|
|
Port: 3478
|
|
|
IP: 74.201.205.43 (74.201.205.43)
|
|
|
SOFTWARE
|
|
|
Attribute Type: SOFTWARE (0x8022)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 29
|
|
|
<b> Software: Citrix-3.2.5.1 'Marshal West'</b>
|
|
|
Padding: 3
|
|
|
FINGERPRINT
|
|
|
Attribute Type: FINGERPRINT (0x8028)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 4
|
|
|
CRC-32: 0x0d6f9ab0</b>
|
|
|
</pre>
|
|
|
|
|
|
|
|
|
Slightly different binding request packet. This includes a username, tied to the client in the communication, and an ICE-CONTROLLING attribute:
|
|
|
|
|
|
<pre>
|
|
|
Session Traversal Utilities for NAT
|
|
|
Message Type: 0x0001 (Binding Request)
|
|
|
.... ...0 ...0 .... = Message Class: 0x0000
|
|
|
[Request (0)]
|
|
|
..00 000. 000. 0001 = Message Method: 0x0001
|
|
|
[Binding (0x001)]
|
|
|
..0. .... .... .... = Message Method Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Message Length: 88
|
|
|
Message Cookie: 2112a442
|
|
|
Message Transaction ID: e23bffae1d781551e03ab4a5
|
|
|
<b> Attributes
|
|
|
<b> USERNAME: BEsGwY5xupyZbhln:7b4693c2</b>
|
|
|
Attribute Type: USERNAME (0x0006)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 25
|
|
|
Username: BEsGwY5xupyZbhln:7b4693c2
|
|
|
Padding: 3
|
|
|
USE-CANDIDATE
|
|
|
Attribute Type: USE-CANDIDATE (0x0025)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 0
|
|
|
PRIORITY
|
|
|
Attribute Type: PRIORITY (0x0024)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 4
|
|
|
Priority: 1853686015
|
|
|
ICE-CONTROLLING
|
|
|
Attribute Type: ICE-CONTROLLING (0x802a)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 8
|
|
|
Tie breaker: 456a56d73bf53ae0
|
|
|
MESSAGE-INTEGRITY
|
|
|
Attribute Type: MESSAGE-INTEGRITY (0x0008)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 20
|
|
|
HMAC-SHA1: 62bcd99bfabb384398611322966423550257f173
|
|
|
FINGERPRINT
|
|
|
Attribute Type: FINGERPRINT (0x8028)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 4
|
|
|
CRC-32: 0x733a4947</b>
|
|
|
</pre>
|
|
|
|
|
|
And the response to that:
|
|
|
|
|
|
<pre>
|
|
|
Session Traversal Utilities for NAT
|
|
|
Message Type: 0x0101 (Binding Success Response)
|
|
|
.... ...1 ...0 .... = Message Class: 0x0010
|
|
|
[Success Response (2)]
|
|
|
..00 000. 000. 0001 = Message Method: 0x0001
|
|
|
[Binding (0x001)]
|
|
|
..0. .... .... .... = Message Method Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Message Length: 44
|
|
|
Message Cookie: 2112a442
|
|
|
Message Transaction ID: e23bffae1d781551e03ab4a5
|
|
|
<b> Attributes
|
|
|
XOR-MAPPED-ADDRESS: 192.0.2.10:38645
|
|
|
Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 8
|
|
|
Reserved: 00
|
|
|
Protocol Family: IPv4 (0x01)
|
|
|
Port (XOR-d): b7e7
|
|
|
[Port: 38645]
|
|
|
IP (XOR-d): 83fcba14
|
|
|
[IP: 192.0.2.10 (192.0.2.10)]
|
|
|
MESSAGE-INTEGRITY
|
|
|
Attribute Type: MESSAGE-INTEGRITY (0x0008)
|
|
|
0... .... .... .... = Attribute Type Comprehension: 0x0000
|
|
|
[Required (0)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 20
|
|
|
HMAC-SHA1: f5883b9e52e311242d66ed99dfb7a0a1ae49b56f
|
|
|
FINGERPRINT
|
|
|
Attribute Type: FINGERPRINT (0x8028)
|
|
|
1... .... .... .... = Attribute Type Comprehension: 0x0001
|
|
|
[Optional (1)]
|
|
|
.0.. .... .... .... = Attribute Type Assignment: 0x0000
|
|
|
[IETF Review (0)]
|
|
|
Attribute Length: 4
|
|
|
CRC-32: 0x0bc6ce07</b>
|
|
|
</pre>
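The binding requests above reduced to the STUN features this page lists as identifying (attribute types and their order, USERNAME, presence of FINGERPRINT), as an added example that is not part of the original notes. The sample is rebuilt from the dissected field values; the padding bytes are not shown on the page and are assumed to be zero, so the FINGERPRINT is recomputed per RFC 5389 section 15.5 rather than copied, and the function names are this example's own.

```python
import struct
import zlib

MAGIC_COOKIE = 0x2112A442
FINGERPRINT = 0x8028
FINGERPRINT_XOR = 0x5354554E   # RFC 5389 section 15.5


def build_stun(msg_type, txid, attrs, pad_byte=b"\x00"):
    """Serialize a STUN message and append a freshly computed FINGERPRINT."""
    body = b""
    for atype, value in attrs:
        pad = (-len(value)) % 4            # attributes are 32-bit aligned
        body += struct.pack("!HH", atype, len(value)) + value + pad_byte * pad
    # The length field already counts the 8-byte FINGERPRINT attribute
    # at the moment the CRC is taken.
    header = struct.pack("!HHI", msg_type, len(body) + 8, MAGIC_COOKIE) + txid
    crc = (zlib.crc32(header + body) & 0xFFFFFFFF) ^ FINGERPRINT_XOR
    return header + body + struct.pack("!HHI", FINGERPRINT, 4, crc)


def parse_stun(data):
    """Return message type, attribute order and FINGERPRINT validity."""
    if len(data) < 20:
        raise ValueError("shorter than the STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE or length % 4:
        raise ValueError("not an RFC 5389 STUN message")
    if len(data) != 20 + length:
        raise ValueError("length field does not match datagram size")
    order, username, fp_ok, off = [], None, None, 20
    while off < len(data):
        atype, alen = struct.unpack("!HH", data[off:off + 4])
        end = off + 4 + alen
        if end > len(data):
            raise ValueError("attribute overruns message")
        value = data[off + 4:end]
        if atype == 0x0006:                # USERNAME, free-form text
            username = value.decode("utf-8", "replace")
        elif atype == FINGERPRINT:
            if alen != 4:
                raise ValueError("FINGERPRINT must be 4 bytes")
            # CRC-32 over everything before the attribute, XORed with "STUN".
            want = (zlib.crc32(data[:off]) & 0xFFFFFFFF) ^ FINGERPRINT_XOR
            fp_ok = struct.unpack("!I", value)[0] == want
        order.append(atype)
        off = end + (-alen) % 4            # skip padding to the next attribute
    return {"type": msg_type, "length": length, "txid": data[8:20].hex(),
            "order": "-".join(format(t, "04x") for t in order),
            "username": username, "fingerprint_ok": fp_ok}


def sample_binding_request():
    """The second binding request above, rebuilt from its dissected fields."""
    attrs = [
        (0x0006, b"BEsGwY5xupyZbhln:7b4693c2"),            # USERNAME
        (0x0025, b""),                                      # USE-CANDIDATE
        (0x0024, struct.pack("!I", 1853686015)),            # PRIORITY
        (0x802A, bytes.fromhex("456a56d73bf53ae0")),        # ICE-CONTROLLING
        # MESSAGE-INTEGRITY copied from the dissection; it is not verified
        # here because the ICE password is not on the page.
        (0x0008, bytes.fromhex("62bcd99bfabb384398611322966423550257f173")),
    ]
    return build_stun(0x0001, bytes.fromhex("e23bffae1d781551e03ab4a5"), attrs)


if __name__ == "__main__":
    print(parse_stun(sample_binding_request()))
```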
|
|
|
|
|
|
#### Allocate requests
|
|
|
|
|
|
Here is the first allocate request packet:
|
|
|
|
|
|
<pre>
Session Traversal Utilities for NAT
Message Type: 0x0003 (Allocate Request)
.... ...0 ...0 .... = Message Class: 0x0000
[Request (0)]
..00 000. 000. 0011 = Message Method: 0x0003
[Allocate (0x003)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 24
Message Cookie: 2112a442
Message Transaction ID: 4dff273c1cff6d4ec5fc9292
<b> Attributes
REQUESTED-TRANSPORT: UDP
Attribute Type: REQUESTED-TRANSPORT (0x0019)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
Transport: UDP (0x11)
Reserved: 000000
LIFETIME 3600
Attribute Type: LIFETIME (0x000d)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
Lifetime: 3600
FINGERPRINT
Attribute Type: FINGERPRINT (0x8028)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
CRC-32: 0xbe5775d9</b>
</pre>

And the response to the allocate request, which is an error. It includes information about the server being visited (the REALM and SOFTWARE attributes):

<pre>
Session Traversal Utilities for NAT
Message Type: 0x0113 (Allocate Error Response)
.... ...1 ...1 .... = Message Class: 0x0011
[Error Response (3)]
..00 000. 000. 0011 = Message Method: 0x0003
[Allocate (0x003)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 100
Message Cookie: 2112a442
Message Transaction ID: 4dff273c1cff6d4ec5fc9292
<b> Attributes
ERROR-CODE 401 (Unauthorized): Unauthorised
Attribute Type: ERROR-CODE (0x0009)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 16
Reserved: 0000
.... .100 = Error Class: 4
Error Code: 1
Error Reason Phrase: Unauthorised
NONCE: 2e7ef3eff1331156
Attribute Type: NONCE (0x0015)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 16
Nonce: 2e7ef3eff1331156
<b> REALM: tokbox.com</b>
Attribute Type: REALM (0x0014)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 10
Realm: tokbox.com
Padding: 2
SOFTWARE
Attribute Type: SOFTWARE (0x8022)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 29
<b> Software: Citrix-3.2.5.1 'Marshal West'</b>
Padding: 3
FINGERPRINT
Attribute Type: FINGERPRINT (0x8028)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
CRC-32: 0x2fb3b1da</b>
</pre>

A different allocate request, this one including a username and realm (website):

<pre>
Session Traversal Utilities for NAT
Message Type: 0x0003 (Allocate Request)
.... ...0 ...0 .... = Message Class: 0x0000
[Request (0)]
..00 000. 000. 0011 = Message Method: 0x0003
[Allocate (0x003)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 248
Message Cookie: 2112a442
Message Transaction ID: d468b300330fbdc123951d66
<i> Attributes
REQUESTED-TRANSPORT: UDP
Attribute Type: REQUESTED-TRANSPORT (0x0019)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
Transport: UDP (0x11)
Reserved: 000000
LIFETIME 3600
Attribute Type: LIFETIME (0x000d)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
Lifetime: 3600
<b> USERNAME: 1453415893:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.5bbce808-6e2b-45d2-9240-201120fc41e5.fb04c070-5be0-4642-b4c4-843d847cdc95</b>
Attribute Type: USERNAME (0x0006)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 159
Username: 1453415893:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.5bbce808-6e2b-45d2-9240-201120fc41e5.fb04c070-5be0-4642-b4c4-843d847cdc95
Padding: 1
<b> REALM: tokbox.com</b>
Attribute Type: REALM (0x0014)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 10
Realm: tokbox.com
Padding: 2
NONCE: 2e7ef3eff1331156
Attribute Type: NONCE (0x0015)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 16
Nonce: 2e7ef3eff1331156
MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x0008)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 20
HMAC-SHA1: 4e46acb02cd3ad0caea87de15c5b1c50a68f5ec6
FINGERPRINT
Attribute Type: FINGERPRINT (0x8028)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
CRC-32: 0x3e3b0e4e</i>
</pre>

And the success response:

<pre>
Session Traversal Utilities for NAT
Message Type: 0x0103 (Allocate Success Response)
.... ...1 ...0 .... = Message Class: 0x0010
[Success Response (2)]
..00 000. 000. 0011 = Message Method: 0x0003
[Allocate (0x003)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 100
Message Cookie: 2112a442
Message Transaction ID: d468b300330fbdc123951d66
<b> Attributes
XOR-RELAYED-ADDRESS: 74.201.205.43:14002
Attribute Type: XOR-RELAYED-ADDRESS (0x0016)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 8
Reserved: 00
Protocol Family: IPv4 (0x01)
Port (XOR-d): 17a0
[Port: 14002]
IP (XOR-d): 6bdb6969
[IP: 74.201.205.43 (74.201.205.43)]
XOR-MAPPED-ADDRESS: 192.0.2.10:38645
Attribute Type: XOR-MAPPED-ADDRESS (0x0020)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 8
Reserved: 00
Protocol Family: IPv4 (0x01)
Port (XOR-d): b7e7
[Port: 38645]
IP (XOR-d): 83fcba14
[IP: 192.0.2.10 (192.0.2.10)]
LIFETIME 3600
Attribute Type: LIFETIME (0x000d)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
Lifetime: 3600
SOFTWARE
Attribute Type: SOFTWARE (0x8022)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 29
<b> Software: Citrix-3.2.5.1 'Marshal West'</b>
Padding: 3
MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x0008)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 20
HMAC-SHA1: 5d58469abd4b33c21f5801752ba0aebfa33e6e15
FINGERPRINT
Attribute Type: FINGERPRINT (0x8028)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
CRC-32: 0x5cf4e5c7</b>
</pre>

#### Create Permission Requests

<pre>
Session Traversal Utilities for NAT
Message Type: 0x0008 (CreatePermission Request)
.... ...0 ...0 .... = Message Class: 0x0000
[Request (0)]
..00 000. 000. 1000 = Message Method: 0x0008
[CreatePermission (0x008)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 244
Message Cookie: 2112a442
Message Transaction ID: 78455a7886a48015f059e05b
<b> Attributes
XOR-PEER-ADDRESS: 74.201.205.3:26103
Attribute Type: XOR-PEER-ADDRESS (0x0012)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 8
Reserved: 00
Protocol Family: IPv4 (0x01)
Port (XOR-d): 44e5
[Port: 26103]
IP (XOR-d): 6bdb6941
[IP: 74.201.205.3 (74.201.205.3)]
<b> USERNAME: 1453415916:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.31f8dacc-294e-4b44-87c7-c6bf1d50a64a.7f085edd-49f5-4e45-ac04-76fee77527ca</b>
Attribute Type: USERNAME (0x0006)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 159
Username: 1453415916:1.2_MX40NDQ0MzEyMn5-MTQ1MzMyOTQ4ODAwM345TVE2VmpDMW5KTFVpdW84K0dTL2MzNmF-fg.31f8dacc-294e-4b44-87c7-c6bf1d50a64a.7f085edd-49f5-4e45-ac04-76fee77527ca
Padding: 1
<b> REALM: tokbox.com</b>
Attribute Type: REALM (0x0014)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 10
Realm: tokbox.com
Padding: 2
NONCE: 37897cf24e67560f
Attribute Type: NONCE (0x0015)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 16
Nonce: 37897cf24e67560f
MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x0008)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 20
HMAC-SHA1: 85480b4f3c426600faf1ff50c089ad128debdc3a
FINGERPRINT
Attribute Type: FINGERPRINT (0x8028)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
CRC-32: 0x5bc32170</b>
</pre>

And the response:

<pre>
Session Traversal Utilities for NAT
Message Type: 0x0108 (CreatePermission Success Response)
.... ...1 ...0 .... = Message Class: 0x0010
[Success Response (2)]
..00 000. 000. 1000 = Message Method: 0x0008
[CreatePermission (0x008)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 68
Message Cookie: 2112a442
Message Transaction ID: 78455a7886a48015f059e05b
<b> Attributes
SOFTWARE
Attribute Type: SOFTWARE (0x8022)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 29
<b> Software: Citrix-3.2.5.1 'Marshal West'</b>
Padding: 3
MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x0008)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 20
HMAC-SHA1: 0cf9c934b676a82a7ecd48a5aed5c9ff56a47639
FINGERPRINT
Attribute Type: FINGERPRINT (0x8028)
1... .... .... .... = Attribute Type Comprehension: 0x0001
[Optional (1)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 4
CRC-32: 0xdc967696</b>
</pre>

#### Send Indication

It looks like the dissection fails at the DATA attribute: the payload is handed to the TFTP dissector, which reports a malformed packet.

<pre>
Session Traversal Utilities for NAT
Message Type: 0x0016 (Send Indication)
.... ...0 ...1 .... = Message Class: 0x0001
[Indication (1)]
..00 000. 000. 0110 = Message Method: 0x0006
[Send (0x006)]
..0. .... .... .... = Message Method Assignment: 0x0000
[IETF Review (0)]
Message Length: 132
Message Cookie: 2112a442
Message Transaction ID: 5d7f4e81a326a56af8613788
<b> Attributes
XOR-PEER-ADDRESS: 74.201.205.3:26103
Attribute Type: XOR-PEER-ADDRESS (0x0012)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 8
Reserved: 00
Protocol Family: IPv4 (0x01)
Port (XOR-d): 44e5
[Port: 26103]
IP (XOR-d): 6bdb6941
[IP: 74.201.205.3 (74.201.205.3)]
<b> DATA
Attribute Type: DATA (0x0013)
0... .... .... .... = Attribute Type Comprehension: 0x0000
[Required (0)]
.0.. .... .... .... = Attribute Type Assignment: 0x0000
[IETF Review (0)]
Attribute Length: 108
Value: 000100582112a4422bb822ea46b85810b300a8aa00060019...
Trivial File Transfer Protocol
[Source File: ]
Opcode: Read Request (1)
Source File:
Type: X!\022\357\277\275B+\357\277\275"\357\277\275F\357\277\275X\020\357\277\275
Option: \250\252\000 = \006\000
Option name: \357\277\275\357\277\275
Option value: \006
Option: \031BVvJ5yJLt6HIDQQN:be827ba2\000 = \000
Option name: \031BVvJ5yJLt6HIDQQN:be827ba2
Option value:
Option: \000 = \000
Option name:
Option value:
Option: %\000 = \000
Option name: %
Option value:
Option: \000 = $\000
Option name:
Option value: $
Option: \004n}\000 = \377\200*\000
Option name: \004n}
Option value: \357\277\275\357\277\275*
Option: \b\210f\217\326H\216h\374\000 = \b\000
Option name: \b\357\277\275f\357\277\275\357\277\275H\357\277\275h\357\277\275
Option value: \b</b></b>
<b>[Malformed Packet: TFTP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]</b>
</pre>
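
The DATA value in the Send Indication above begins `0001 0058 2112a442`, which has the shape of a STUN header (Binding Request, length 88, magic cookie), so the payload appears to be a STUN message relayed through TURN rather than TFTP. The following added example (not from the original page) extracts the type-and-order attribute fingerprint of a STUN message, recurses into a DATA attribute that carries STUN, and decodes the XOR-d addresses. The sample messages, their attribute order, and the helper `build` are constructed for illustration; only the XOR-d peer address bytes are taken from the dissection.

```python
import socket
import struct
MAGIC = 0x2112A442  # STUN magic cookie
NAMES = {0x0006: "USERNAME", 0x0008: "MESSAGE-INTEGRITY", 0x0012: "XOR-PEER-ADDRESS",
         0x0013: "DATA", 0x0024: "PRIORITY", 0x0025: "USE-CANDIDATE",
         0x8028: "FINGERPRINT", 0x802A: "ICE-CONTROLLING"}

def looks_like_stun(buf):
    """RFC 5389 checks: top two bits zero, magic cookie, length fits and is 4-aligned."""
    if len(buf) < 20:
        return False
    mtype, mlen, cookie = struct.unpack_from("!HHI", buf)
    return (mtype & 0xC000) == 0 and cookie == MAGIC and mlen % 4 == 0 and 20 + mlen <= len(buf)

def parse_stun(buf):
    """Return (message_type, [(attr_type, value), ...]) in wire order."""
    if not looks_like_stun(buf):
        raise ValueError("not a STUN message")
    mtype, mlen = struct.unpack_from("!HH", buf)
    attrs, off, end = [], 20, 20 + mlen
    while off + 4 <= end:
        atype, alen = struct.unpack_from("!HH", buf, off)
        if off + 4 + alen > end:
            raise ValueError("attribute overruns message")
        attrs.append((atype, buf[off + 4:off + 4 + alen]))
        off += 4 + (alen + 3) // 4 * 4  # values are padded to a 4-byte boundary
    return mtype, attrs

def xor_addr(value):
    """Decode an IPv4 XOR-*-ADDRESS value into (ip, port)."""
    if len(value) != 8 or value[1] != 0x01:
        raise ValueError("only IPv4 handled in this sketch")
    xport, xip = struct.unpack_from("!HI", value, 2)
    return socket.inet_ntoa(struct.pack("!I", xip ^ MAGIC)), xport ^ (MAGIC >> 16)

def fingerprint(buf):
    """Message type plus attribute types in order; recurses into DATA that carries STUN."""
    mtype, attrs = parse_stun(buf)
    parts = []
    for atype, value in attrs:
        name = NAMES.get(atype, "0x%04x" % atype)
        if atype == 0x0013 and looks_like_stun(value):
            name += "{" + fingerprint(value) + "}"
        parts.append(name)
    return "0x%04x:" % mtype + ",".join(parts)

def build(mtype, txid, attrs):  # helper that serialises the constructed samples below
    body = b"".join(struct.pack("!HH", t, len(v)) + v + b"\0" * (-len(v) % 4) for t, v in attrs)
    return struct.pack("!HHI", mtype, len(body), MAGIC) + txid + body

# Constructed sample shaped like the Send Indication above; not the captured bytes.
INNER = build(0x0001, b"\x01" * 12, [(0x0006, b"remoteufrag:localufrag"), (0x0025, b""),
    (0x0024, bytes(4)), (0x802A, bytes(8)), (0x0008, bytes(20)), (0x8028, bytes(4))])
OUTER = build(0x0016, b"\x02" * 12, [(0x0012, bytes.fromhex("000144e56bdb6941")), (0x0013, INNER)])
```

`fingerprint(OUTER)` yields one string covering both layers, so the relayed ICE check's attribute order can be compared across clients in the same way as the outer TURN message.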