Hi Fulvio,
Authentication and link encryption is a very difficult problem, which
many programs have tried and failed to implement propertly. For
example look at how many different iterations SSH had to go through
with vulns found regularly in the first few years. Some of those
vulns occured in the implementation (eg bounds checking) others in
the actual protocol (we have ssh v1 which is obsolete etc.).
My thinking is that its better to outsource this difficult problem to
those which have had a lot of experience in this field - e.g.
openssh. You also get all the extra bonuses like choice of
cryptos/authentication, priv sep etc.
How about something like this:
ssh root@remote tcpdump -s0 -w - not port 22 > /tmp/capture.pcap
and ethereal -r /tmp/capture.pcap
Or simply some equivalent wrapping around the same concept from the
GUI? (would be really nice if ethereal could read from a pipe into
a memory map so you dont need a temp file at all).
This works for windows as well as openssh is also available for
windows.
Alternatively use something like SSL for example to do the same
thing? It all comes down to the basic unix philosophy of small tools
to do small tasks. For example if ethereal gui had an option like
"launch external command to obtain capture" we could use ssh if we
want, or ssl (using curl) if we wanted as well - whatever is
appropriate for the exact situation.
Michael.
On Sat, Jun 04, 2005 at 03:57:50PM +0200, Fulvio Risso wrote:
>
>
> > -----Original Message-----
> > From: Manickam,V,Vasanth,XDP77A C
> > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of
> > vasanth.manickam@xxxxxx
> > Sent: sabato 4 giugno 2005 14.38
> > To: ethereal-dev@xxxxxxxxxxxx
> > Subject: RE: [Ethereal-dev] Google "Summer of code"
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: ethereal-dev-bounces@xxxxxxxxxxxx on behalf of Guy Harris
> > Sent: Sat 04/06/2005 10:49
> > To: Ethereal development
> > Cc: gilbertr@xxxxxxxxx
> > Subject: Re: [Ethereal-dev] Google "Summer of code"
> > vasanth.manickam@xxxxxx wrote:
> > > I was wondering if the Ethereal community could take part in this
> > > http://code.google.com/mentfaq.html as a Mentoring Organization. Me and
> > > a couple of other students are interested in working on the remote
> > > capture module of ethereal over the summer.
> >
> > To which remote capture module are you referring?
> >
> > WinPcap includes remote capture capabilities, and a lot of the code will
> > probably just work on UN*X as well, although the *current* protocol
> > doesn't, I think, have as much authentication capability as some might
> > want - perhaps something SPNEGO-based is called for, allowing the client
> > and server to negotiate what flavor of authentication to use.
> >
> > Remote capture really belongs in libpcap/WinPcap, so that it's available
> > to all applications (or, at least, to all applications that use an API
> > capable of supporting the authentication required by the capture server).
> >
> > _______________________________________________
> >
> > I see that WinPcap supports remote capture but Ethereal is unable
> > to use this capability on the supported platforms. I understand
> > that Ethereal does not want to use this feature as it is not
> > supported by libpcap but just by WinPcap. I thought it would be
> > advantageous if Ethereal could support this feature on windows.
> > But I agree it would be far better if the remote capture feature
> > was added to the underlying library on all platforms...
>
> Remote capture works on Win32, Linux and FreeBSD at least.
> The biggest problem of committing this code to libpcap (and not only to
> WinPcap) is that we need some stronger security mechanisms for user
> authentication and such. This is the reason that prevented me from
> committing the remote code to libpcap as well, in addiction to WinPcap.
>
> fulvio
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
