lost and found ( for me ? )

Windows Vista and later : Network Connectivity Status Indicator (NCSI)

[ what’s NCSI ]

NCSI probes Internet connectivity automatically and determines whether Internet connectivity is available or not based on NSCI probing results.
This function has been implemented Windows Vista and later.

About NCSI
Vista : http://technet.microsoft.com/en-us/library/cc766023::(WS.10).aspx
7 and 2008 R2 : http://technet.microsoft.com/en-us/library/ee126135(WS.10).aspx

[ How does NCSI check Internet connectivity ? ]

NCSI checks Internet connectivity by using two methods.

1.  GET ncsi.txt file via HTTP and check the string in that file

access to http://www.msftncsi.com/ncsi.txt and check ncsi.txt containing “Microsoft NCSI”

perform DNS lookup for www.msftncsi.com
access to www.msftncsi.com and GET ncsi.txt and then check ncsi.txt containing “Microsoft NCSI”

performs DNS lookup
# dig @DNSServer www.msftncsi.com

; <<>> DiG 9.8.0-P1 <<>> @DNSServer www.msftncsi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24246
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.msftncsi.com.              IN      A

;; ANSWER SECTION:
www.msftncsi.com.       2103    IN      CNAME   newncsi.glbdns.microsoft.com.
newncsi.glbdns.microsoft.com. 300 IN    CNAME   ncsi.glbdns.microsoft.com.
ncsi.glbdns.microsoft.com. 300  IN      A       207.46.61.90


access to www.msftncsi.com
# wget http://www.msftncsi.com/ncsi.txt


check that file containing “Microsoft NCSI”
# cat ncsi.txt
Microsoft NCSI#

There are no line terminators in this file.
# file ncsi.txt
ncsi.txt: ASCII text, with no line terminators

2.  perfom DNS resolution and check the answer

performs DNS look up for dns.msftncsi.com and confirm whether the IP matches 131.107.255.255 or not.
If the IP matches 131.107.255.255 , NCSI determines that your PC has correct Internet connectivity.
If not , NSCI determines  your PC has wrong Internet connectivity.

DNS lookup for dns.msfncsi.com
# dig @DNSServer dns.msftncsi.com

; <<>> DiG 9.8.0-P1 <<>> @DNSServer dns.msftncsi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16747
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dns.msftncsi.com.              IN      A

;; ANSWER SECTION:
dns.msftncsi.com.       30      IN      A       131.107.255.255

[ if NCSI probing fails ]

On “Windows button -> Control Panel -> Network and Internet -> Network and Sharing Center” ,
You will see red X mark between network and internet icon as below.



Note that this situation will happen even though your PC has actually internet connectivity.

For example:
- can’t resolve DNS lookup for www.msftncsi.com
- can’t get right cnsi.txt ( www.msftncsi.com/ncsi.txt )
- can’t get the correct DNS reply ( dns.msftncsi.com =131.107.255.255 )

If you have internet connectivity for sure , but see the above red X mark , try the followings.
- turn off Anti Virus tool if you have installed it
- perform DNS lookup for dns.msftncsi.com with nslookup command
- check ncsi.txt containing “Miscosoft NCSI” into that file manually using CLI or something

[ How to turn off NCSI probing ]

regedit ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

To disable this functions , set EnableActiveProbing to 0
Default value is 1 ( enabled probing )



[ How frequently does NCSI probe ? ]

I built fake www.msftncsi.com to check NCSI probing interval.

                |------------ internet
Client – SW ---- DNS
                |---- fake Web server ( Apache respond to ncsi.txt containing “M$” )


- Client performs DNS lookup for www.msftncsi.com
- DNS returns the fake web server’s address
 Except for www.msftncsi.com query , DNS returns correct answers.
- Client accesses to the fake Web server
- fake web server respond to ncsi.txt
- NCSI determines there’s no internet connectivity even though there’s internet connectivity.

the content of nsci.txt
# cat /var/www/ncsi.txt
M$

M$ not MS :)

NCSI probing misunderstands my PC does not have Internet connectivity even though there’s Internet connectivity.

Here’s an access.log of fake web server.
Seen from access.log , polling interval does not seem to be fixed.
23:27:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:28:23 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:28:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:29:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:30:43 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:32:33 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:34:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:38:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:44:13 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:52:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 279 "-" "Microsoft NCSI"

I don’t like this function :(

VMware player 3.1 : create a custom network and assign it to a VM


VMware player : 3.1.4 build-385536
Host OS : Windows7 64bit


VMware plyaer 3.1 doesn’t provide vmnetcfg command which enables you to create custom networks like vmnet1 , vmnet2 etc :(
You can assign bridged ( VMnet0 ) or host-only ( VMnet1 ) or natted network (VMnet8) to a VM by default installation.

You however can create custom networks by installing VMware player by following procedures.
Please see my previous post.
http://lost-and-found-narihiro.blogspot.com/2011/07/how-to-use-vmnetcfg-on-vmware-player-31.html

[ create custom networks and assign it to VMs ]

1. create custom networks with vmnetcfg

run "C:\Program Files (x86)\VMware\VMware Player\vmnetcfg.exe"

activate VMnet 1 ( to - 7 ) virtual host adapter.

2. prepare a VM and assign a custom VMnet to a VM

I prepared Scientific Linux 6.1 as a VM. and assigned three vNICs to that VM.
You can not assign custom networks ( VMnet2 to VMnet7 ) via GUI.


So you need to edit vmx file by text editor.

edit vmx file like below.
#ethernet1.connectionType = "hostonly"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet1"
#ethernet2.connectionType = "hostonly"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet2"


3. run vmware player and check virtual machine settings.




4. fly VM

an output of ifconfig on VM.
- VMnet0 ( bridge )
[root@sl6-1 ~]# ifconfig eth0 | grep "inet addr"
         inet addr:192.168.11.200  Bcast:192.168.11.255  Mask:255.255.255.0

- VMnet1 ( custom )

[root@sl6-1 ~]# ifconfig eth1 | grep "inet addr"
         inet addr:192.168.19.128  Bcast:192.168.19.255  Mask:255.255.255.0

- VMnet2 ( custom )

[root@sl6-1 ~]# ifconfig eth2 | grep "inet addr"
         inet addr:192.168.92.128  Bcast:192.168.92.255  Mask:255.255.255.0

I can assign VMnet0 (bridge) , VMnet1 and VMnet2 to the VM :)

VMware player : install Scientific Linux 6 64bit as Guest OS

VMware Player : 3.1.4 build-385536
Host OS : Windows 7 64bit
Guest OS : Scientific Linux 6 64bit ( SL6 )

[ wath’s Scientific Linux ? ]

Scientific Lilunx (SL) is one of Red Hat Enterprise Linux close OSes.
Other clones are Oracle Enterprise Linux , CentOS.

As of 2011/9/23 , the latest version of these OSes are :

Cent OS : 6 ( not 6.1 )
SL :6.1
Oracle Linux : 6.1

[ procedures ]

- create a new VM and install SL6

With regard to OS type , there is no RHEL 6 in the guest OS list , I specified guest OS type as CentOS 64bit.

- installing SL6


[ install VMware tools ]

after installing SL , install VMware tools.

VMware console -> Virtual Machine -> install VMware tools

VMware tools will be mounted automatically and you will see the following GUI.

If VMware tools are not mounted automatically , mount VMware tools manually.
# mkdir zzz
# mount -t iso9660 /dev/sr0 /zzz

- install VMware tools
[root@sl6-1 ~]# cp /media/VMware\ Tools/VMwareTools-8.4.6-385536.tar.gz .
[root@sl6-1 ~]# tar xzvf VMwareTools-8.4.6-385536.tar.gz
[root@sl6-1 ~]# cd vmware-tools-distrib/
[root@sl6-1 vmware-tools-distrib]# ./vmware-install.pl

- after finishing installing VMware tools , reboot guest OS
# sync
# reboot

that’s it :)

decrypt SSL traffic with ssldump

decrypt SSL traffic with ssldump

[ installation ]

Ubuntu 11.04
root@hat1:~# apt-get install ssldump -y

root@hat1:~# ssldump -v
ssldump 0.9b3
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
Compiled with OpenSSL: decryption enabled


Fedora 15
[root@f15 ~]# yum list | grep ssldump

[root@f15 ~]# ssldump -v
ssldump 0.9b3
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
Compiled with OpenSSL: decryption enabled


[ decrypt SSL traffic ]

- At first , prepare Apache with SSL on Fedora 15

install httpd
[root@f15 ~]# yum install -y httpd mod_ssl


Sample SSL certification and configuration file for Apache are included in mod_ssl.

- SSL configuration file for Apache (/etc/httpd/conf.d/ssl.conf)

Private Key
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key


Certification file
SSLCertificateFile /etc/pki/tls/certs/localhost.crt


private key
[root@f15 conf.d]# openssl rsa -text -in /etc/pki/tls/private/localhost.key
Private-Key: (1024 bit)
modulus:
   00:ea:cf:7c:fa:18:31:97:40:17:b8:85:5c:86:ec:
   75:be:93:9c:cb:ce:7c:26:c7:29:30:41:f7:93:21:
   8c:6c:4b:12:34:f5:78:40:94:ab:d9:70:75:a1:ec:
   14:70:6e:8b:ce:fe:c0:35:85:66:24:bb:2c:b1:f2:


certification file
[root@f15 conf.d]# openssl x509 -text -in /etc/pki/tls/certs/localhost.crt
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 30063 (0x756f)
       Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=f15.localdomain/emailAddress=root@f15.localdomain
       Validity
           Not Before: Sep 21 14:30:35 2011 GMT
           Not After : Sep 20 14:30:35 2012 GMT
       Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=f15.localdomain/emailAddress=root@f15.localdomain
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (1024 bit)



- start Apache
[root@f15 conf.d]# apachectl start


confirm SSL is enabled
[root@f15 conf.d]# wget https://127.0.0.1 --no-check-certificate
--2011-09-21 23:52:34--  https://127.0.0.1/
Connecting to 127.0.0.1:443... connected.
WARNING: cannot verify 127.0.0.1’s certificate, issued by “/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=f15.localdomain/emailAddress=root@f15.localdomain”:
 Unable to locally verify the issuer’s authority.
   WARNING: certificate common name “f15.localdomain” doesn't match requested host name “127.0.0.1”.
HTTP request sent, awaiting response... 200 OK
Length: 526 [text/html]
Saving to: “index.html”

100%[======================================>] 526         --.-K/s   in 0s      

2011-09-21 23:52:34 (4.45 MB/s) - “index.html” saved [526/526]



[ decrypt SSL traffic with ssldump ]

Client ( Utuntu , Firefox ) --------- Apache ( Fedora )

ssldump can decrypt SSL traffic under the following conditions
# man ssldump
      ssldump can decrypt traffic between two hosts if the following two con‐
      ditions are met:
             1. ssldump has the keys.
             2. Static RSA was used.


- configure Firefox to use static RSA.

Firefox -> about:config -> search “ssl” -> enable only “security.ssl3.rsa_rc4_128_sha”


capture SSL traffic on both client (Ubuntu11.04) and server ( Fedora 15 )

I could decrypt SSL traffic on Ubuntu machine , however I can’t decrypt on Fedora 15...

on Ubuntu , I could decrypt SSL :)
root@hat1:~# ssldump -i br0 -Ad -k localhost.key port 443
New TCP connection #2: hat1.local(48362) <-> f15.local(443)
2 1  0.0010 (0.0010)  C>SV3.1(53)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4e 7a 05 16 5a b5 10 30 3f 64 70 1c 4c 7a e1 6d
         20 6e 12 31 a3 92 33 93 b3 1d 05 74 7a 61 b8 2f
       cipher suites
       Unknown value 0xff
       TLS_RSA_WITH_RC4_128_SHA
       compression methods
                 NULL
2 2  0.0019 (0.0009)  S>CV3.1(53)  Handshake
     ServerHello
       Version 3.1
       random[32]=
         4e 7a 05 16 0e e1 6a d8 44 71 4f 56 b2 ef 67 67
         27 06 76 93 2e 88 47 83 dc 9c 65 8b 78 9b 5d 65
       session_id[0]=

       cipherSuite         TLS_RSA_WITH_RC4_128_SHA
       compressionMethod                   NULL
2 3  0.0019 (0.0000)  S>CV3.1(767)  Handshake
     Certificate
2 4  0.0019 (0.0000)  S>CV3.1(4)  Handshake
     ServerHelloDone
2 5  0.0584 (0.0564)  C>SV3.1(134)  Handshake
     ClientKeyExchange
       EncryptedPreMasterSecret[128]=
         86 30 17 79 da 85 92 7c 28 98 b9 c8 9a 46 f2 23
         6d 38 96 3a c8 f6 d7 a7 19 a8 81 d2 a0 7e 45 46
         15 80 16 f3 d8 36 75 41 40 73 91 1c e9 33 1d 4f
         da 2b a9 fb 50 1e 00 2d 30 14 99 b6 8d 36 5b d1
         f7 ae 41 14 97 d3 36 a3 c2 9d 30 3a b3 f3 4b fe
         79 0c a3 79 6a b6 38 fd 7d ab 66 29 33 c8 3d 1b
         d8 35 19 00 de 16 89 78 7e 0e 17 bb 7c 67 b2 c7
         06 c6 0d f8 df 8e b5 f8 47 9f 5b ab 02 70 08 42
2 6  0.0584 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
2 7  0.0584 (0.0000)  C>SV3.1(36)  Handshake
     Finished
       verify_data[12]=
         df 11 b4 22 6f 4b c7 c0 a9 da e6 3c

2 8  0.0621 (0.0037)  S>CV3.1(202)  Handshake
     TLS_RSA_WITH_RC4_128_MD52 9  0.0621 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
2 10 0.0621 (0.0000)  S>CV3.1(36)  Handshake
     Finished
       verify_data[12]=
         89 e4 88 3c 04 27 3a 09 7a 9f 94 dd

2 11 0.0661 (0.0039)  C>SV3.1(372)  application_data
   ---------------------------------------------------------------
   GET /index.html HTTP/1.1
   Host: 192.168.11.150
   User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   Accept-Language: ja,en-us;q=0.7,en;q=0.3
   Accept-Encoding: gzip, deflate
   Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
   Connection: keep-alive
   
   ---------------------------------------------------------------
2 12 0.0670 (0.0009)  S>CV3.1(285)  application_data
   ---------------------------------------------------------------
   HTTP/1.1 200 OK
   Date: Wed, 21 Sep 2011 15:39:02 GMT
   Server: Apache/2.2.21 (Fedora)
   Last-Modified: Wed, 21 Sep 2011 14:56:04 GMT
   ETag: "80318-6-4ad74c67a39a9"
   Accept-Ranges: bytes
   Content-Length: 6
   Connection: close
   Content-Type: text/html; charset=UTF-8
   
   ---------------------------------------------------------------
2 13 0.0670 (0.0000)  S>CV3.1(26)  application_data
   ---------------------------------------------------------------
   hello
   ---------------------------------------------------------------
2 14 0.0670 (0.0000)  S>CV3.1(22)  Alert
   level           warning
   value           close_notify
2    0.0670 (0.0000)  S>C  TCP FIN
2 15 0.0678 (0.0007)  C>SV3.1(22)  Alert
   level           warning
   value           close_notify
2    0.0679 (0.0000)  C>S  TCP RST
New TCP connection #3: hat1.local(48363) <-> f15.local(443)
3 1  0.0008 (0.0008)  C>SV3.1(277)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4e 7a 05 16 9c 6f 97 27 81 55 7b 33 46 e6 94 7a
         4f 26 ab 93 a0 18 0b 24 f6 f3 20 fa 15 8a 2f 1f
       resume [32]=
         94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17
         6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7
       cipher suites
       Unknown value 0xff
       TLS_RSA_WITH_RC4_128_SHA
       compression methods
                 NULL
3 2  0.0018 (0.0009)  S>CV3.1(81)  Handshake
     ServerHello
       Version 3.1
       random[32]=
         4e 7a 05 16 5b d0 98 fb 4c 8e a4 bc 70 b9 99 b7
         f1 1c cb 87 b2 33 c4 ca c7 64 58 bf 62 49 97 78
       session_id[32]=
         94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17
         6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7
       cipherSuite         TLS_RSA_WITH_RC4_128_SHA
       compressionMethod                   NULL
3 3  0.0018 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
3 4  0.0018 (0.0000)  S>CV3.1(36)  Handshake
3 5  0.0040 (0.0022)  C>SV3.1(1)  ChangeCipherSpec
3 6  0.0040 (0.0000)  C>SV3.1(36)  Handshake
3 7  0.0040 (0.0000)  C>SV3.1(343)  application_data
3 8  0.3194 (0.3153)  S>CV3.1(200)  application_data
3 9  0.3194 (0.0000)  S>CV3.1(310)  application_data
3 10 0.3194 (0.0000)  S>CV3.1(22)  Alert
3    0.3195 (0.0000)  S>C  TCP FIN
3 11 0.3201 (0.0006)  C>SV3.1(22)  Alert
3    0.3202 (0.0000)  C>S  TCP RST
New TCP connection #4: hat1.local(48364) <-> f15.local(443)
4 1  0.0006 (0.0006)  C>SV3.1(277)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4e 7a 05 16 df 10 11 0e 6e 77 f8 3a 8d fa 84 05
         03 4e f1 d7 73 4e ad e2 dd 58 ef 60 bb 59 8a e8
       resume [32]=
         94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17
         6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7
       cipher suites
       Unknown value 0xff
       TLS_RSA_WITH_RC4_128_SHA
       compression methods
                 NULL
4 2  0.0015 (0.0009)  S>CV3.1(81)  Handshake
     ServerHello
       Version 3.1
       random[32]=
         4e 7a 05 16 7b bf 58 8f fc 3a 4b 10 cb 2d 48 7b
         ef 1d fd 39 68 26 6f 4b 74 aa 26 5b ee 95 e8 87
       session_id[32]=
         94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17
         6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7
       cipherSuite         TLS_RSA_WITH_RC4_128_SHA
       compressionMethod                   NULL
4 3  0.0015 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
4 4  0.0015 (0.0000)  S>CV3.1(36)  Handshake
4 5  0.0044 (0.0028)  C>SV3.1(1)  ChangeCipherSpec
4 6  0.0044 (0.0000)  C>SV3.1(36)  Handshake
4 7  0.0044 (0.0000)  C>SV3.1(373)  application_data
4 8  0.0054 (0.0009)  S>CV3.1(200)  application_data
4 9  0.0054 (0.0000)  S>CV3.1(310)  application_data
4 10 0.0054 (0.0000)  S>CV3.1(22)  Alert
4    0.0055 (0.0000)  S>C  TCP FIN
4 11 0.0060 (0.0005)  C>SV3.1(22)  Alert
4    0.0061 (0.0000)  C>S  TCP RST
^Croot@hat1:~#




on Fedora 15 , segmentation fault :(
[root@f15 ~]# ssldump -i eth0 -Ad -k /etc/pki/tls/private/localhost.key port 443
New TCP connection #1: 192.168.11.100(48362) <-> 192.168.11.150(443)
1 1  0.0010 (0.0010)  C>S V3.1(53)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4e 7a 05 16 5a b5 10 30 3f 64 70 1c 4c 7a e1 6d
         20 6e 12 31 a3 92 33 93 b3 1d 05 74 7a 61 b8 2f
       cipher suites
       Unknown value 0xff
       TLS_RSA_WITH_RC4_128_SHA
       compression methods
                 NULL
1 2  0.0014 (0.0004)  S>C V3.1(53)  Handshake
     ServerHello
       Version 3.1
       random[32]=
         4e 7a 05 16 0e e1 6a d8 44 71 4f 56 b2 ef 67 67
         27 06 76 93 2e 88 47 83 dc 9c 65 8b 78 9b 5d 65
       session_id[0]=

       cipherSuite         TLS_RSA_WITH_RC4_128_SHA
       compressionMethod                   NULL
1 3  0.0014 (0.0000)  S>C V3.1(767)  Handshake
     Certificate
1 4  0.0014 (0.0000)  S>C V3.1(4)  Handshake
     ServerHelloDone
1 5  0.0585 (0.0571)  C>S V3.1(134)  Handshake
     ClientKeyExchange
       EncryptedPreMasterSecret[128]=
         86 30 17 79 da 85 92 7c 28 98 b9 c8 9a 46 f2 23
         6d 38 96 3a c8 f6 d7 a7 19 a8 81 d2 a0 7e 45 46
         15 80 16 f3 d8 36 75 41 40 73 91 1c e9 33 1d 4f
         da 2b a9 fb 50 1e 00 2d 30 14 99 b6 8d 36 5b d1
         f7 ae 41 14 97 d3 36 a3 c2 9d 30 3a b3 f3 4b fe
         79 0c a3 79 6a b6 38 fd 7d ab 66 29 33 c8 3d 1b
         d8 35 19 00 de 16 89 78 7e 0e 17 bb 7c 67 b2 c7
         06 c6 0d f8 df 8e b5 f8 47 9f 5b ab 02 70 08 42
1 6  0.0585 (0.0000)  C>S V3.1(1)  ChangeCipherSpec
1 7  0.0585 (0.0000)  C>S V3.1(36)  Handshake
     Finished
       verify_data[12]=
         df 11 b4 22 6f 4b c7 c0 a9 da e6 3c

1 8  0.0617 (0.0031)  S>C V3.1(202)  Handshake
Segmentation fault (core dumped)