tcpdump mailing list archives
Re: Suggestion: Pcap-over-IP client support in
From: Michael Richardson <mcr () sandelman ca>
Date: Wed, 14 Sep 2011 22:51:28 -0400
"Rick" == Rick Jones <rick.jones2 () hp com> writes:
Rick> What are the issues/benefits/downfalls one way or t'other
Rick> between the two schemes - over ssh and a specific connection -
Rick> when it comes to making certain that this thing forwarding
Rick> captured traffic isn't simply chasing its own tail forwarding
Rick> captures of its forwarding of captures of its forwarding of
Rick> captures...

The issue is threefold:

1) libpcap does not currently expose itself to the network through
   sockets. Any new code (particularly "server" code) would increase
   risk. (Yes, tcpdump has lots of vulnerabilities to buffer overflows,
   but pcap doesn't really have the same issue, since it never looks in
   the packets it captures)

2) anything we do which is "native" will be wrong for some use, and
   any security we write will be wrong, and need to be extended, and
   then will become complicated and brittle...

3) therefore, it's better to reuse the existing tools, which already
   come in a variety of flavours (ssh, ssl, kerberos, passport, https,
   oauth, socks, raw, rlogin, ...) rather than inventing something new.

The push back is usually from the Microsoft platform, which, designed
only really to load Word, doesn't really provide any way to combine
differing tools in new ways.

Ironically, Windows has some of the best integrated security
authorization in the form of kerberos enabled AD, but doesn't provide a
simple equivalent to "ssh remotehost command" that uses AD.

--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
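The "ssh remotehost command" approach from the message above, combined with a filter that addresses Rick's feedback-loop question, as an added example that is not part of the original post or of tcpdump/libpcap. It assumes a POSIX shell and capture privileges on the remote host; the function names and the host and interface in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: remote capture over ssh that filters out its own transport.
# "capturehost" and "eth0" in the usage line are placeholder values.

# Print the command line to run on the remote host. sshd sets SSH_CONNECTION
# to "client_ip client_port server_ip server_port"; the BPF expression drops
# exactly that TCP connection, so the capture never records the ssh session
# that is carrying it. $SSH_CONNECTION and $1..$4 expand remotely, not here.
remote_script() {
    # Reject interface names that could smuggle shell syntax to the remote side.
    case $1 in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    printf '%s' 'set -- $SSH_CONNECTION; [ "$#" -eq 4 ] || exit 1; '
    printf 'tcpdump -U -n -i %s -w - ' "$1"
    printf '%s' '"not (tcp and host $1 and port $2 and host $3 and port $4)"'
}

# remote_capture HOST IFACE [local tcpdump args...]
# -U flushes each packet to the pipe, -w - writes pcap to stdout,
# and the local tcpdump reads that stream with -r -.
remote_capture() {
    host=$1 iface=$2
    shift 2
    script=$(remote_script "$iface") || return 1
    ssh "$host" "$script" | tcpdump -n -r - "$@"
}

# Usage: remote_capture capturehost eth0 'udp port 53'
```

Authentication, encryption and access control are all left to ssh, so nothing in libpcap or tcpdump has to listen on a socket.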