RE: VNC Protocol trace

Wed, 31 Oct 2001 08:29:13 -0800 

This is  brief description of handshake between server and viewer.
// RFB Handshake
// 1. Server => Viewer 12 bytes of RFBVersion of Server
// 2. Viewer => Server 12 bytes of RFBVersion of Viewer
// 3. Server => Viewer  4 bytes of auth schme used by the server 
//                                              0 = conn failed, 1 = no auth
2 = vnc auth
// 4.   (i) if on step 3 the value is 0 then Server => Viewer 
// 4 bytes                              reason length
// reason-length                resaon string
                 
//              (ii) if on step 3 the value is 2 then 
//                              Server => Viewer 16 byte challenge
//                              Viewer => Server 16 byte response
//                              Server => Viewer 4 byte status  0== OK 1 ==
Failed 2 == too many 
//                       if the value of status is 1 then this step is
repeated 
//              (iii) if on step 3 the value is 1 then no data is exchnaged
in this step. 
//      5. if auth has succeeded or no auth was required then Viewer =>
Server 1 byte shared flag.
//  6. This ends handshake

-----Original Message-----
From: Chris Hare, CISSP, CISA [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 11:19 PM
To: [EMAIL PROTECTED]
Subject: VNC Protocol trace


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I am looking at a VNC protocol trace between a WinVN client and a VNC
server running on a unix system.  I have found the packets with the
protocol version from the client to the server, and then from the
server to the client.  what I want to understand is"

a) are there any other packets after the server send its protocol
version to the client before the authentication starts, or is the
next packet sent from the server the authentication mode (i.e. 0,1 or
2)?

If anyone has ever done a protocol trace using tcpdump and documented
the phases in the trace, that would be very useful to the exercise I
am undertaking.

Thanks.

Chris

- --
Chris Hare, CISSP, CISA
[EMAIL PROTECTED]


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO9pRzbP6rSnwJKNIEQKphwCfePBNQ0Q64sjY5Qud4AT38U3OPLkAoJpf
MENlUpCBjeg8z096PuNXALeA
=dvvc
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------

Reply via email to