Ethereal-dev: RE: [Ethereal-dev] Idea for ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Fulvio Risso" <fulvio.risso@xxxxxxxxx>
Date: Thu, 8 Apr 2004 11:01:32 +0200

> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of Ronnie Sahlberg
> Sent: giovedì 8 aprile 2004 8.56
> To: Ethereal development
> Subject: Re: [Ethereal-dev] Idea for ethereal
>
>
> From: "Fulvio Risso"
> Sent: Thursday, April 08, 2004 4:50 PM
> Subject: RE: [Ethereal-dev] Idea for ethereal
> ...
> >> So, anyone wants eternal fame and glory?   head over to
> >> www.tcpdump.org and
> >> offer your dedication to port this rpcap thing into libpcap.
> >
> >Not correct.
> >Go to the tcpdump.org community, convince them that remote
> capture can be a
> >good thing, and then I can do the merge (with a litte help of some UNIX
> >experts regarding makefiles, autoconf and such this stuff).
>
> Oh, I didnt know that. I was of the impression that there was
> just the case
> that no one
> wanted to do the actual work themself.
> Any idea why they dont want it integrated?

Because:
- code is not well tested (but this is the chicken and egg problem; if you
do not use the code, you cannot test it)
- security is very poor (in case you want to use username/password for
authentication on the remote machine, this travels in clear)

However:
- ftp, telnet, pop3 have a security mechanism that is not stronger than
rpcap
- you're not forced to use username/pwd authentication (you can configure
the daemon to accept connections only from a given set of hosts)
- the code is freely available, so anyone that needs a stronger security
mechanism can implement that
- currently, most of the tools that can use remote capture (among the other
snort and ntop) do not support username/password, so the only way to protect
yourself is to configure the rpcap daemon to refuse connections coming from
unknown hosts.

Cheers,

	fulvio