tcpdump mailing list archives
Re: Suggestion: Pcap-over-IP client support in
From: Michael Richardson <mcr () sandelman ca>
Date: Wed, 14 Sep 2011 22:51:28 -0400
"Rick" == Rick Jones <rick.jones2 () hp com> writes:
Rick> What are the issues/benefits/downfalls one way or t'other
Rick> between the two schemes - over ssh and a specific connection -
Rick> when it comes to making certain that this thing forwarding
Rick> captured traffic isn't simply chasing its own tail forwarding
Rick> captures of its forwarding of captures of its forwarding of
Rick> captures...
The issue is threefold:
1) libpcap does not currently expose itself to the network
through sockets. Any new code (particularly "server" code)
would increase risk.
(Yes, tcpdump has lots of vulnerabilities to buffer overflows,
but pcap doesn't really have the same issue, since it never
looks in the packets it captures)
2) anything we do which is "native", will be wrong for some use, and
any security we write will be wrong, and need to be extended, and
then will become complicated and brittle...
3) therefore, it's better to reuse the existing tools, which already
come in a variety of flavours (ssh, ssl, kerberos, passport,
https, oauth, socks, raw, rlogin, ...) rather than inventing
something new.
The pushback is usually from the Microsoft platform, which, designed only really to
load Word, doesn't really provide any way to combine differing tools in new
ways. Ironically, Windows has some of the best integrated security
authorization in the form of Kerberos-enabled AD, but doesn't provide a
simple equivalent to "ssh remotehost command" that uses AD.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
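
With the ssh-based scheme discussed in this message, the feedback loop Rick asks about can be avoided by excluding the carrying ssh connection from the capture filter. The following is an added example, not part of the original post and not tcpdump or libpcap code: a POSIX shell helper for the capture host, where the script name `pcap-over-ssh.sh`, the host and the interface are hypothetical.

```shell
#!/bin/sh
# Added example. Runs on the capture host as the remote command, e.g.
#   ssh remotehost ./pcap-over-ssh.sh eth0 udp port 53 | tcpdump -n -r -
# (script name, host and interface are hypothetical placeholders).

# Turn an SSH_CONNECTION value ("client_ip client_port server_ip server_port",
# set by sshd for the remote command) into a BPF expression that excludes
# exactly that one TCP connection, in both directions.
ssh_exclude_filter() {
    set -f; set -- $1; set +f          # split into fields without globbing
    [ "$#" -eq 4 ] || { echo "bad SSH_CONNECTION" >&2; return 1; }
    # Only address and port characters may reach the filter expression.
    # Scoped IPv6 addresses (addr%if) are rejected by this check.
    case "$1$3" in
        *[!0-9A-Fa-f.:]*) echo "bad address" >&2; return 1 ;;
    esac
    case "$2$4" in
        *[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac
    printf 'not (host %s and host %s and tcp port %s and tcp port %s)' \
        "$1" "$3" "$2" "$4"
}

# Combine the exclusion with an optional caller-supplied filter.
capture_filter() {  # $1 = SSH_CONNECTION value, $2 = optional extra filter
    excl=$(ssh_exclude_filter "$1") || return 1
    if [ -n "${2:-}" ]; then
        printf '%s and (%s)' "$excl" "$2"
    else
        printf '%s' "$excl"
    fi
}

main() {  # $1 = interface, remaining words = optional extra filter
    iface=$1; shift
    # ssh re-splits the remote command line, so rejoin the filter words.
    filter=$(capture_filter "$SSH_CONNECTION" "$*") || exit 1
    # -U flushes per packet; -w - writes pcap to stdout, which ssh carries back.
    exec tcpdump -U -n -i "$iface" -w - "$filter"
}

# Capture only when started as an ssh remote command with an interface given.
if [ -n "${SSH_CONNECTION:-}" ] && [ "$#" -ge 1 ]; then
    main "$@"
fi
```

Excluding the single connection rather than all of port 22 keeps other ssh traffic on the capture host visible in the forwarded capture.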
