Security Basics mailing list archives
Re: analyzing client / server traffic
From: James Washer <washer () trlp com>
Date: Fri, 4 Apr 2003 10:34:56 -0800
one trick I've used, which gives me a 'hint' of whether or not applications are really ecrypting, or just some form of compression/encoding is to attempt to send a HUGE block of a single character.. say 10000 'a's or something like that.. doesn't always work... but sometimes I'll see a huge block of some repeating pattern in the data stream... which means no encryption.. Sort of a 'known plaintext attack'. From there, you can try different plaintext blocks.. and can sometimes figure out the encoding. Not very scientific mind you... but occaisonally useful - jim On 3 Apr 2003 15:31:40 -0000 J J <j_joensuu () yahoo com> wrote:
Dear all, I have been sniffing at the communication between the client and the server part of a CRM-software that I support at work. Being that I at times get questions about the network security pertaining to this product, I wanted to see if it is possible to pinpoint where specific data such as login names, passwords (or software specific commands that an administrator can send from the client) are located within the packets sent by the client. The product uses a proprietory protocol, and looking at the data with tools such as Ethereal and the Ufasoft Sniffer surely did not reveal anything in clear text. I did also try converting my username to hex and looking for that as well, but did not find anything. So now I am at the situation where I do not know what to do next in order to further analyze the packets that I have captured (they are exported to a text and an .xml file). What sort of operations could one do with this sort of data? or would it help to get a packet analyzer? thanks for any advice, JJ ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- analyzing client / server traffic J J (Apr 04)
- Re: analyzing client / server traffic James Washer (Apr 04)
- Re: analyzing client / server traffic Jonathan Strine (Apr 07)