June 1st, 2005
Aurelien Charbon
Test of rpcbind user part
When the server runs rpcbind (version 4, 3 and 2)
Here is an ethereal capture when we do a mount operation: we can clearly see that rpcbind version 4 is used first.
Frame 740 (182 bytes on wire, 182 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:00:4c:7f:79:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.31 (172.16.109.31)
Transmission Control Protocol, Src Port: 640 (640), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 116
Remote Procedure Call, Type:Call XID:0xfc6898b2
Portmap
Program Version: 4
V4 Procedure: GETADDR (3)
RPCB
Program: MOUNT (100005)
Version: 3
Network Id: ???
length: 3
contents: ???
fill bytes: opaque data
Universal Address: 172.16.109.31.0.111
length: 19
contents: 172.16.109.31.0.111
fill bytes: opaque data
Owner of this Service: ??????????????????
length: 27
contents: ??????????????????
fill bytes: opaque data
Frame 741 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:00:4c:7f:79:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.31 (172.16.109.31), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 640 (640), Seq: 1, Ack: 117, Len: 0
Frame 742 (118 bytes on wire, 118 bytes captured)
Ethernet II, Src: 00:00:4c:7f:79:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.31 (172.16.109.31), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 640 (640), Seq: 1, Ack: 117, Len: 52
Remote Procedure Call, Type:Reply XID:0xfc6898b2
Portmap
Program Version: 4
V4 Procedure: GETADDR (3)
Universal Address: 172.16.109.31.128.33
length: 20
contents: 172.16.109.31.128.33
When the server runs only portmapper (ie rpcbind version 2 only)
The client try to use version 4, then version 3 and finally version 2
Frame 3336 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 686 (686), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 0
Frame 3337 (178 bytes on wire, 178 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 686 (686), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 112
Remote Procedure Call, Type:Call XID:0xfc6df546
Fragment header: Last fragment, 108 bytes
XID: 0xfc6df546 (4235064646)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 4
Procedure: GETADDR (3)
The reply to this request is in frame 3339
Credentials
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 4
V4 Procedure: GETADDR (3)
RPCB
Program: NFS (100003)
Version: 3
Network Id: \??
length: 3
contents: \??
fill bytes: opaque data
Universal Address: 172.16.109.30.0.111
length: 19
contents: 172.16.109.30.0.111
fill bytes: opaque data
Owner of this Service: ??
x??i
length: 21
contents: ??
x??i
fill bytes: opaque data
Frame 3338 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 686 (686), Seq: 1, Ack: 113, Len: 0
Frame 3339 (102 bytes on wire, 102 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 686 (686), Seq: 1, Ack: 113, Len: 36
Remote Procedure Call, Type:Reply XID:0xfc6df546
Fragment header: Last fragment, 32 bytes
XID: 0xfc6df546 (4235064646)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 4
Procedure: GETADDR (3)
Reply State: accepted (0)
This is a reply to a request in frame 3337
Time from request: 0.000488000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: remote can't support version # (2)
Program Version (Minimum): 2
Program Version (Maximum): 2
Frame 3340 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 686 (686), Dst Port: 111 (111), Seq: 113, Ack: 37, Len: 0
Frame 3341 (178 bytes on wire, 178 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 686 (686), Dst Port: 111 (111), Seq: 113, Ack: 37, Len: 112
Remote Procedure Call, Type:Call XID:0xfb6df546
Fragment header: Last fragment, 108 bytes
XID: 0xfb6df546 (4218287430)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 3
Procedure: GETADDR (3)
The reply to this request is in frame 3342
Credentials
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 3
V3 Procedure: GETADDR (3)
RPCB
Program: NFS (100003)
Version: 3
Network Id: \??
length: 3
contents: \??
fill bytes: opaque data
Universal Address: 172.16.109.30.0.111
length: 19
contents: 172.16.109.30.0.111
fill bytes: opaque data
Owner of this Service: ??
x??i
length: 21
contents: ??
x??i
fill bytes: opaque data
Frame 3342 (102 bytes on wire, 102 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 686 (686), Seq: 37, Ack: 225, Len: 36
Remote Procedure Call, Type:Reply XID:0xfb6df546
Fragment header: Last fragment, 32 bytes
XID: 0xfb6df546 (4218287430)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 3
Procedure: GETADDR (3)
Reply State: accepted (0)
This is a reply to a request in frame 3341
Time from request: 0.000419000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: remote can't support version # (2)
Program Version (Minimum): 2
Program Version (Maximum): 2
Frame 3343 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
User Datagram Protocol, Src Port: 686 (686), Dst Port: 111 (111)
Remote Procedure Call, Type:Call XID:0x4292289a
XID: 0x4292289a (1116874906)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 2
Procedure: GETPORT (3)
The reply to this request is in frame 3344
Credentials
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 2
V2 Procedure: GETPORT (3)
Program: NFS (100003)
Version: 3
Proto: TCP (6)
Port: 0
Frame 3344 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
User Datagram Protocol, Src Port: 111 (111), Dst Port: 686 (686)
Remote Procedure Call, Type:Reply XID:0x4292289a
XID: 0x4292289a (1116874906)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 2
Procedure: GETPORT (3)
Reply State: accepted (0)
This is a reply to a request in frame 3343
Time from request: 0.000748000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: RPC executed successfully (0)
Portmap
Program Version: 2
V2 Procedure: GETPORT (3)
Port: 2049
Test of rpcbind kernel part
Method: launching connectathon locking tests to see what happens
With a server running rpcbind:
Frame 781 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1019 (1019), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 0
Frame 782 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1019 (1019), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 72
Remote Procedure Call, Type:Call XID:0xe42428eb
Fragment header: Last fragment, 68 bytes
XID: 0xe42428eb (3827575019)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 4
Procedure: GETVERSADDR (9)
The reply to this request is in frame 785
Credentials
Flavor: AUTH_NULL (0)
Length: 0
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 4
V4 Procedure: GETVERSADDR (9)
Data (28 bytes)
0000 00 01 86 b5 00 00 00 04 00 00 00 03 74 63 70 00 ............tcp.
0010 00 00 00 00 00 00 00 04 72 70 63 62 ........rpcb
Frame 784 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1019 (1019), Seq: 1, Ack: 73, Len: 0
Frame 785 (102 bytes on wire, 102 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1019 (1019), Seq: 1, Ack: 73, Len: 36
Remote Procedure Call, Type:Reply XID:0xe42428eb
Fragment header: Last fragment, 32 bytes
XID: 0xe42428eb (3827575019)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 4
Procedure: GETVERSADDR (9)
Reply State: accepted (0)
This is a reply to a request in frame 782
Time from request: 0.000793000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: remote can't support version # (2)
Program Version (Minimum): 2
Program Version (Maximum): 2
Frame 786 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1019 (1019), Dst Port: 111 (111), Seq: 73, Ack: 37, Len: 0
[...]
Frame 795 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1018 (1018), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 0
Frame 796 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1018 (1018), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 72
Remote Procedure Call, Type:Call XID:0x1038df9c
Fragment header: Last fragment, 68 bytes
XID: 0x1038df9c (272162716)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 3
Procedure: GETADDR (3)
The reply to this request is in frame 798
Credentials
Flavor: AUTH_NULL (0)
Length: 0
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 3
V3 Procedure: GETADDR (3)
RPCB
Program: NLM (100021)
Version: 4
Network Id: tcp
Universal Address:
Owner of this Service: rpcb
Frame 797 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1018 (1018), Seq: 1, Ack: 73, Len: 0
Frame 798 (102 bytes on wire, 102 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1018 (1018), Seq: 1, Ack: 73, Len: 36
Remote Procedure Call, Type:Reply XID:0x1038df9c
Fragment header: Last fragment, 32 bytes
XID: 0x1038df9c (272162716)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 3
Procedure: GETADDR (3)
Reply State: accepted (0)
This is a reply to a request in frame 796
Time from request: 0.000556000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: remote can't support version # (2)
Program Version (Minimum): 2
Program Version (Maximum): 2
Frame 799 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1018 (1018), Dst Port: 111 (111), Seq: 73, Ack: 37, Len: 0
[...]
Frame 826 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1017 (1017), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 0
Frame 827 (126 bytes on wire, 126 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:02:b3:bd:a3:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.30 (172.16.109.30)
Transmission Control Protocol, Src Port: 1017 (1017), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 60
Remote Procedure Call, Type:Call XID:0x3beda703
Fragment header: Last fragment, 56 bytes
XID: 0x3beda703 (1005430531)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 2
Procedure: GETPORT (3)
The reply to this request is in frame 832
Credentials
Flavor: AUTH_NULL (0)
Length: 0
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 2
V2 Procedure: GETPORT (3)
Program: NLM (100021)
Version: 4
Proto: TCP (6)
Port: 0
Frame 828 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1017 (1017), Seq: 1, Ack: 61, Len: 0
Frame 832 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: 00:02:b3:bd:a3:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.30 (172.16.109.30), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1017 (1017), Seq: 1, Ack: 61, Len: 32
Remote Procedure Call, Type:Reply XID:0x3beda703
Fragment header: Last fragment, 28 bytes
XID: 0x3beda703 (1005430531)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 2
Procedure: GETPORT (3)
Reply State: accepted (0)
This is a reply to a request in frame 827
Time from request: 0.004719000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: RPC executed successfully (0)
Portmap
Program Version: 2
V2 Procedure: GETPORT (3)
Port: 32771
If the server runs rpcbind version 4, 3 and 2 then the version used is version 4, as we can see on this capture:
Frame 974 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:02:b3:f0:05:8c, Dst: 00:00:4c:7f:79:61
Internet Protocol, Src Addr: 172.16.109.53 (172.16.109.53), Dst Addr: 172.16.109.31 (172.16.109.31)
Transmission Control Protocol, Src Port: 1017 (1017), Dst Port: 111 (111), Seq: 1, Ack: 1, Len: 72
Remote Procedure Call, Type:Call XID:0xd5269811
Fragment header: Last fragment, 68 bytes
XID: 0xd5269811 (3576076305)
Message Type: Call (0)
RPC Version: 2
Program: Portmap (100000)
Program Version: 4
Procedure: GETVERSADDR (9)
The reply to this request is in frame 976
Credentials
Flavor: AUTH_NULL (0)
Length: 0
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Portmap
Program Version: 4
V4 Procedure: GETVERSADDR (9)
Data (28 bytes)
0000 00 01 86 b5 00 00 00 04 00 00 00 03 74 63 70 00 ............tcp.
0010 00 00 00 00 00 00 00 04 72 70 63 62 ........rpcb
Frame 975 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:00:4c:7f:79:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.31 (172.16.109.31), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1017 (1017), Seq: 1, Ack: 73, Len: 0
Frame 976 (118 bytes on wire, 118 bytes captured)
Ethernet II, Src: 00:00:4c:7f:79:61, Dst: 00:02:b3:f0:05:8c
Internet Protocol, Src Addr: 172.16.109.31 (172.16.109.31), Dst Addr: 172.16.109.53 (172.16.109.53)
Transmission Control Protocol, Src Port: 111 (111), Dst Port: 1017 (1017), Seq: 1, Ack: 73, Len: 52
Remote Procedure Call, Type:Reply XID:0xd5269811
Fragment header: Last fragment, 48 bytes
XID: 0xd5269811 (3576076305)
Message Type: Reply (1)
Program: Portmap (100000)
Program Version: 4
Procedure: GETVERSADDR (9)
Reply State: accepted (0)
This is a reply to a request in frame 974
Time from request: 0.000892000 seconds
Verifier
Flavor: AUTH_NULL (0)
Length: 0
Accept State: RPC executed successfully (0)
Portmap
Program Version: 4
V4 Procedure: GETVERSADDR (9)
Data (24 bytes)
0000 00 00 00 14 31 37 32 2e 31 36 2e 31 30 39 2e 33 ....172.16.109.3
0010 31 2e 31 35 2e 32 30 35 1.15.205
