Re: tracing port to port

2009-03-18 Thread André Warnier

Filip Hanik - Dev Lists wrote:

> wireshark.org


Thanks.
I had seen that name several times, but it is only yesterday that 
someone told me that this was the new name for Ethereal.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tracing port to port

2009-03-18 Thread Gregor Schneider
André,

two questions:

what type of connection is the servlet using? Is it RMI, Socket, something else?

If you're not happy with Wireshark, there might be an approach which
takes a bit more effort but might work in case the Java-classes are
not obfuscated:

Talking RMI:

- try to decompile the Java-classes from the war (nice software to do
that might be http://java.decompiler.free.fr or simply try JAD)

- find the RMI-interfaces

- write an RMI-proxy which dumps the information using either
console-output or log4j or whatever you like

- after that, forward the RMI-information from the proxy to the Java-Demon

Cheers

Gregor
-- 
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371




Re: tracing port to port

2009-03-18 Thread Christopher Schultz

André,

On 3/17/2009 8:02 PM, Filip Hanik - Dev Lists wrote:
> wireshark.org

+1

Wireshark does full TCP capture but also understands protocols, so it
will show you only the HTTP details for a particular packet, etc.

-chris



Re: tracing port to port

2009-03-18 Thread Gregor Schneider
On Wed, Mar 18, 2009 at 3:47 PM, Christopher Schultz
ch...@christopherschultz.net wrote:

> Wireshark does full TCP capture but also understands protocols, so it
> will show you only the HTTP details for a particular packet, etc.

But will this help to find out the characterset of encoded string in
an RMI-object?

If I understand André correctly, he wants to find out the encoding
during the communication between servlet  java-demon - I doubt that
this goes as HTTP over the wire.

@André:

Maybe you could give a more detailed description of your problem, so
that we might come up with some more helpful ideas?

Cheers

Gregor
-- 
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371




Re: tracing port to port

2009-03-18 Thread Christopher Schultz

Gregor,

On 3/18/2009 11:08 AM, Gregor Schneider wrote:
> On Wed, Mar 18, 2009 at 3:47 PM, Christopher Schultz
> ch...@christopherschultz.net wrote:
>
>> Wireshark does full TCP capture but also understands protocols, so it
>> will show you only the HTTP details for a particular packet, etc.
>
> But will this help to find out the characterset of encoded string in
> an RMI-object?

Er, RMI objects should be sent using no encoding... that is, serialized
objects encode themselves. For java.lang.String, the serialized form is
always in UTF-8. From section 6.2 (Stream Elements) of the java
serialization protocol:


The representation of String objects consists of length information
followed by the contents of the string encoded in modified UTF-8. The
modified UTF-8 encoding is the same as used in the Java™ Virtual
Machine and in the java.io.DataInput and DataOutput interfaces; it
differs from standard UTF-8 in the representation of supplementary
characters and of the null character.


There should be no concern with RMI, here.

> If I understand André correctly, he wants to find out the encoding
> during the communication between servlet  java-demon - I doubt that
> this goes as HTTP over the wire.

He doesn't say whether he's using RMI, but my guess is he isn't. I
suspect he's using something ad-hoc.

-chris
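
The difference described in the quoted specification text, as an added example that is not part of the original thread. It assumes the 2-byte big-endian length prefix used by java.io.DataOutput.writeUTF; the function names and the sample text are constructed for illustration.

```python
import struct

def encode_mutf8(text: str) -> bytes:
    """Encode like java.io.DataOutput.writeUTF, without the length prefix."""
    out = bytearray()
    # Java strings are UTF-16, so supplementary characters arrive as two surrogates.
    for (unit,) in struct.iter_unpack(">H", text.encode("utf-16-be", "surrogatepass")):
        if 0x0001 <= unit <= 0x007F:
            out.append(unit)
        elif unit <= 0x07FF:  # also covers U+0000, written as C0 80
            out += bytes((0xC0 | (unit >> 6), 0x80 | (unit & 0x3F)))
        else:  # each surrogate gets its own 3-byte form
            out += bytes((0xE0 | (unit >> 12), 0x80 | ((unit >> 6) & 0x3F),
                          0x80 | (unit & 0x3F)))
    return bytes(out)

def decode_mutf8(data: bytes) -> str:
    """Decode modified UTF-8; 4-byte standard UTF-8 sequences are rejected."""
    units, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead < 0x80:
            size, unit = 1, lead
        elif lead & 0xE0 == 0xC0:
            size, unit = 2, lead & 0x1F
        elif lead & 0xF0 == 0xE0:
            size, unit = 3, lead & 0x0F
        else:
            raise ValueError(f"byte 0x{lead:02x} at offset {i} cannot start a sequence")
        tail = data[i + 1:i + size]
        if len(tail) != size - 1 or any(t & 0xC0 != 0x80 for t in tail):
            raise ValueError(f"bad continuation bytes at offset {i}")
        for t in tail:
            unit = (unit << 6) | (t & 0x3F)
        units.append(unit)
        i += size
    return struct.pack(f">{len(units)}H", *units).decode("utf-16-be")

def read_utf(buf: bytes, offset: int = 0):
    """Read one string: 2-byte big-endian byte count, then modified UTF-8."""
    (length,) = struct.unpack_from(">H", buf, offset)
    body = buf[offset + 2:offset + 2 + length]
    if len(body) != length:
        raise ValueError("buffer ends before the declared string length")
    return decode_mutf8(body), offset + 2 + length

if __name__ == "__main__":
    sample = "Andr\u00e9 \U0001F600\x00"  # constructed sample text
    print("standard UTF-8:", sample.encode("utf-8").hex(" "))
    print("modified UTF-8:", encode_mutf8(sample).hex(" "))
```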



Re: tracing port to port

2009-03-18 Thread André Warnier

Gregor Schneider wrote:


> If I understand André correctly, he wants to find out the encoding
> during the communication between servlet  java-demon - I doubt that
> this goes as HTTP over the wire.

True. It's not HTTP.
In fact it is .. well .. nothing, apart from TCP. The servlet just opens 
a socket to the external daemon, and writes to it with a PrintWriter.


Which kind of begs the question : how does Wireshark figure out if the 
contents of a packet are HTTP or not ?  It must be either heuristic by 
sniffing the content, or else just by the port in use ?  But that's kind 
of risky, no ?
I think I'll have to refresh my TCP knowledge base, to see if there is 
any byte somewhere in a TCP header specifying the internet protocol. 
But I don't think so.




> @André:
>
> Maybe you could give a more detailed description of your problem, so
> that we might come up with some more helpful ideas?


Well, I realise now that my description, and wishes, were kind of 
stupid, particularly the bit about displaying in some specific encoding.

I wrote that late at night though ;-)
Of course I can do that by changing my locale and my terminal emulation 
I guess.

Duh.
Can one delete one's post from the Tomcat list archives, or is it 
preserved for posterity ? Please ?







RE: tracing port to port

2009-03-18 Thread Caldarale, Charles R
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: tracing port to port
>
> how does Wireshark figure out if the contents of a packet
> are HTTP or not ?  It must be either heuristic by sniffing
> the content, or else just by the port in use ?

It does both.  The protocol determination and analysis are extremely clever; 
even for SMB work, it's way better than Microsoft's NetMon.

 - Chuck





[OT] RE: tracing port to port

2009-03-18 Thread Peter Crowther
> From: André Warnier [mailto:a...@ice-sa.com]
> I think I'll have to refresh my TCP knowledge base, to see if there is
> any byte somewhere in a TCP header specifying the internet protocol.
> But I don't think so.

Sort of :-).  The nearest you get is the four bytes specifying the source and 
destination port numbers - though as you already know that's subject to 
considerable latitude in interpretation!  In particular, if one of those values 
is a well-known port (http://www.iana.org/assignments/port-numbers), the 
corresponding protocol RFC-SHOULD* be in use

- Peter

* Acronym decoder for those who are about to complain: Internet Engineering 
Task Force (IETF) Requests for Comments (RFCs) frequently make use of MUST, 
SHOULD, MAY, SHOULD NOT or MUST NOT (capitalised in that way) to indicate how a 
correct system behaves.  This has entered some more general Internet 
parlance, so RFC-SHOULD can be taken to mean SHOULD as defined in RFC 2119 
(http://www.ietf.org/rfc/rfc2119.txt).
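
The two replies above (port numbers as the only hint in the TCP header, and identification by both port and content), as an added example that is not part of the original thread. It is a simplified sketch, not Wireshark's dissector logic; the port table excerpt, the function names and the sample segments are constructed for illustration.

```python
import struct

# Small constructed excerpt of the IANA port registry, for illustration only.
IANA_EXCERPT = {25: "smtp", 80: "http", 443: "https", 1099: "rmiregistry"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; it has no application-protocol field."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack_from(
        ">HHIIHHHH", segment)
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "payload": segment[header_len:]}

def guess_by_port(header: dict):
    """Look the two port numbers up in the registry excerpt (a hint, not proof)."""
    for port in (header["dport"], header["sport"]):
        if port in IANA_EXCERPT:
            return IANA_EXCERPT[port]
    return None

def guess_by_content(payload: bytes):
    """Heuristic: does the first line look like an HTTP request or status line?"""
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.startswith(b"HTTP/1."):
        return "http"
    if first_line.startswith(HTTP_METHODS) and first_line.endswith(
            (b" HTTP/1.0", b" HTTP/1.1")):
        return "http"
    return None

def identify(segment: bytes) -> dict:
    header = parse_tcp(segment)
    return {"by_port": guess_by_port(header),
            "by_content": guess_by_content(header["payload"])}

def build_segment(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test input: 20-byte header, PSH+ACK set, no options."""
    return struct.pack(">HHIIHHHH", sport, dport, 1, 1,
                       (5 << 12) | 0x018, 65535, 0, 0) + payload

if __name__ == "__main__":
    # HTTP on an unregistered port, then ad-hoc text on port 80.
    print(identify(build_segment(40000, 8080, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n")))
    print(identify(build_segment(40001, 80, "Andr\u00e9\n".encode("iso-8859-1"))))
```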




tracing port to port

2009-03-17 Thread André Warnier

Hi.

I know this is only tenuously Tomcat-related, and apologise in advance.
I'll be content with one-liners.

I have to trace the byte data that circulates back and forth between a 
Tomcat servlet (the tenuous connection) and a separate Java daemon to 
which the servlet establishes this connection. Both are running on the 
same Linux host. My purpose is legitimate, but I do not have the source 
code of either of these modules.  I would like to be able just to figure 
out in as readable a way as possible, what charset/encoding is being 
used in one direction and in the other (not necessarily the same).  I am 
not interested in the TCP protocol details, just the data inside the 
packets. A tool that shows what is being exchanged in the least cryptic 
way possible would have my preference, and one that allows me to choose 
the charset in which I display ditto would be even better.


Which one would you here gurus recommend ?

Thanks
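
One way to approach the question above once the payload bytes of each direction have been captured, as an added example that is not part of the original thread. The candidate charsets, the function names and the two payloads are assumptions constructed for illustration.

```python
def classify(payload: bytes) -> str:
    """Rough charset guess for one direction of the captured conversation."""
    if all(b < 0x80 for b in payload):
        return "ascii-only (charset undetermined)"
    try:
        payload.decode("utf-8")  # strict: any malformed sequence raises
        return "utf-8"
    except UnicodeDecodeError:
        pass
    # Not UTF-8, so a single-byte charset. 0x80-0x9F are printable in
    # windows-1252 but only C1 control codes in ISO-8859-1.
    if any(0x80 <= b <= 0x9F for b in payload):
        return "windows-1252 (likely)"
    return "iso-8859-1 (likely)"

def hexdump(payload: bytes, charset: str, width: int = 16) -> list:
    """Offset, hex bytes, and the same bytes rendered in the chosen charset."""
    lines = []
    for off in range(0, len(payload), width):
        chunk = payload[off:off + width]
        # Decoding per row keeps it simple; a multi-byte sequence split across
        # two rows shows as replacement characters.
        text = chunk.decode(charset, errors="replace")
        text = "".join(c if c.isprintable() else "." for c in text)
        lines.append(f"{off:04x}  {chunk.hex(' '):<{width * 3}} {text}")
    return lines

# Constructed payloads: the same name sent in a different charset per direction.
TO_DAEMON = "QUERY name=Andr\u00e9\n".encode("utf-8")
FROM_DAEMON = "RESULT name=Andr\u00e9\n".encode("iso-8859-1")

if __name__ == "__main__":
    for label, data in (("servlet -> daemon", TO_DAEMON),
                        ("daemon -> servlet", FROM_DAEMON)):
        print(label, "=>", classify(data))
        for charset in ("utf-8", "iso-8859-1"):
            print(f"  as {charset}:")
            for line in hexdump(data, charset):
                print("    " + line)
```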




Re: tracing port to port

2009-03-17 Thread Filip Hanik - Dev Lists

wireshark.org



André Warnier wrote:

> Hi.
>
> I know this is only tenuously Tomcat-related, and apologise in advance.
> I'll be content with one-liners.
>
> I have to trace the byte data that circulates back and forth between a
> Tomcat servlet (the tenuous connection) and a separate Java daemon to
> which the servlet establishes this connection. Both are running on the
> same Linux host. My purpose is legitimate, but I do not have the
> source code of either of these modules.  I would like to be able just
> to figure out in as readable a way as possible, what charset/encoding
> is being used in one direction and in the other (not necessarily the
> same).  I am not interested in the TCP protocol details, just the data
> inside the packets. A tool that shows what is being exchanged in the
> least cryptic way possible would have my preference, and one that
> allows me to choose the charset in which I display ditto would be even
> better.
>
>
> Which one would you here gurus recommend ?
>
> Thanks
