Daniel Underwood wrote:
Hi folks:(1) I'm only used Wireshark and Ethereal to inspect network traffic, and I've only used these on several occasion. Would someone suggest FreeBSD alternatives (console or xserver based?
wireshark, formerly known as ethereal works just fine on FreeBSD. If you want a console based variant, there's tshark, which is just wireshark without X11 support. All in the ports: net/wireshark, net/tshark As mentioned elsewhere, you can use tcpdump (bundled with the system) to capture traffic that you can later feed into wireshark for analysis. Handy hint: be aware that tcpdump generally only captures the packet headers and not the full packet content. To capture everything add '-s 0' to the tcpdump command line.
(2) I'm testing my connection to a remote server. The connection is supposed to be encrypted. What's the easiest way to verify that the data is in fact being encrypted? I don't care to validate the encryption itself; I trust that it is working properly, if it's working at all. I just want to know what, if anything, I can look for in the traffic that will indicate encryption (e.g., is the initiation of key-exchanges easy to locate?).
There are two possibilities: (a) capture session traffic over the wire and from that demonstrate the traffic is encrypted. Unless the plaintext is obviously ascii or otherwise readily identifiable, this might be a bit tricky. Probably the only 100% certain answer is to be able to decrypt the session traffic. (b) connect to the remote network port using eg. netcat (see nc(1)), telnet or 'openssl s_client' -- in the first two cases the idea would be to check that the server would not permit an unencrypted session; for the last case the idea is to check that the connection does handle presenting keysand certs correctly. Obviously this will depend on knowledge of how your particular communications protocol works.
Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Description: OpenPGP digital signature