Ethereal-users: Re: [Ethereal-users] capturing rmi packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 7 Nov 2002 12:51:55 -0800

On Thu, Nov 07, 2002 at 12:16:56PM -0800, Nate McFeters wrote:
> What I'm trying to do is demonstrate to my class that without using
> SSL or similar encryption algorithms, passwords and information come
> across the line in clear text when using the Java RMI.  Unfortunately,
> I've been unable to capture the packets I need.  What should happen is
> that my program should send passwords across in clear text, but I'm not
> even seeing the passwords come across.  How can I remedy this?

Well, for starters, if the two endpoints are on the same machine,
capture on the loopback interface - and, if Ethereal won't let you
capture on the loopback interface, run your application on an OS that
*does* let you do that (Linux, one of the BSDs, Digital UNIX).  See my
previous reply to you on this topic:

	http://www.ethereal.com/lists/ethereal-users/200211/msg00050.html

Once you've fixed that, make sure that if you're using a capture filter
the filter will capture the traffic you want.

Then run the capture and, if Ethereal doesn't display any RMI packets,
see whether the RMI traffic is using a TCP port other than port 1099. 
If so, the problem is that Ethereal's RMI dissector is wired to use that
port, and you'd have to use the "Decode As" menu item to force it to
dissect other traffic as RMI.
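
Added example, not part of the original message or of Ethereal's code: one way to find which TCP streams in a capture need "Decode As" is to classify them by the JRMP stream header rather than by port number. The function names, the shape of the `streams` dict (server port mapped to the first bytes sent in each direction) and the sample bytes are assumptions constructed for illustration.

```python
import struct

JRMP_MAGIC = b"JRMI"   # 0x4a524d49: first four bytes a JRMP client sends
PROTOCOLS = {0x4B: "StreamProtocol", 0x4C: "SingleOpProtocol",
             0x4D: "MultiplexProtocol"}
PROTOCOL_ACK = 0x4E    # first byte of the server's reply when it accepts
DEFAULT_RMI_PORT = 1099  # the port the RMI dissector is registered on


def parse_jrmp_header(payload):
    """Return (version, protocol name) if payload opens a JRMP stream, else None."""
    if len(payload) < 7 or not payload.startswith(JRMP_MAGIC):
        return None
    version, proto = struct.unpack(">HB", payload[4:7])
    if proto not in PROTOCOLS:
        return None
    return version, PROTOCOLS[proto]


def find_rmi_streams(streams):
    """streams: {server_port: (first client bytes, first server bytes)}."""
    found = []
    for server_port, (client_bytes, server_bytes) in sorted(streams.items()):
        header = parse_jrmp_header(client_bytes)
        if header is None:
            continue  # not RMI, whatever port it is on
        found.append({
            "server_port": server_port,
            "version": header[0],
            "protocol": header[1],
            "server_acked": server_bytes[:1] == bytes([PROTOCOL_ACK]),
            # True means the dissector will not pick this stream up by itself
            "needs_decode_as": server_port != DEFAULT_RMI_PORT,
        })
    return found


# Constructed sample data: a registry lookup on 1099, a call to a remote
# object listening on another port (40213 is made up), and unrelated HTTP.
ACK = b"\x4e\x00\x09127.0.0.1\x00\x00\xc3\x52"
SAMPLE_STREAMS = {
    1099: (b"JRMI\x00\x02\x4b", ACK),
    40213: (b"JRMI\x00\x02\x4b", ACK),
    8080: (b"GET / HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"),
}

if __name__ == "__main__":
    for stream in find_rmi_streams(SAMPLE_STREAMS):
        print(stream)
```

Any stream reported with `needs_decode_as` set is one to select and force to RMI with "Decode As".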