sniftering encryption traffic


  • sniftering encryption traffic

    Hi,

    I've configured SQL 2005 with encryption certificate technologies between the server and the client, and I want to sniff the network to see if the traffic is really secured and to see the difference between secured and unsecured.
    I have MS Network Monitor and Ethereal. My question is: how can I check the traffic on secure and unsecured?

    Thx

  • #2
    Re: sniftering encryption traffic

    Errrr, if the sniffer data doesn't make any sense?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: sniftering encryption traffic

      Hi,
      Step back a little bit and forget about encrypted and unencrypted to start with. That is your goal, but you must first just get used to using one of those sniffers. (I'm assuming you are unfamiliar with sniffers, otherwise I don't follow your question.) Of the two I'd go with Ethereal, as Netmon has some limitations on what it will monitor.
      Use the filters to filter traffic on a port or IP range. You can use these filters on a capture or on captured data. Both programs come with pre-made filters which should give a good example of the syntax they use.
      Once you are comfortable with that, construct a filter on the ports, protocols and/or IPs you wish to monitor. Then run through the scenarios you wish to investigate. Finally, compare the captures to see the difference in traffic.


      Btw, do you actually want to see the encrypted packets and how they compare, or just if encryption is taking place (is forced)?
      If the latter, there are easier ways to do this:
      For SSL, look at Configuring SSL for SQL Server step 5.
      For IPsec, just adjust the IPsec requested/required setting.
      I don't know anything about (you or your) computers.
      Research/test for yourself when listening to free advice.



      • #4
        Re: sniftering encryption traffic

        In addition to what Maebe posted, you could also try experimenting with Snort (and NETCAT) on your windows box.

        Once you get SNORT and NETCAT installed, you can use the following command:

        snort -vdi %d > <name of your dump.txt>

        Here is an example dump of something sent over port 443 (SSL):

        ---------------------------------------------------------------------------

        07/16-22:27:36.914981 X.X.X.X:443 -> 192.168.1.103:1443
        TCP TTL:39 TOS:0x0 ID:31553 IpLen:20 DgmLen:150 DF
        ***AP*** Seq: 0x894FBDDE Ack: 0xCAB2AC77 Win: 0x29B0 TcpLen: 20
        17 03 01 00 69 A9 4A 85 E6 0A BF C8 58 69 B2 4D ....i.J.....Xi.M
        84 2D A4 59 DD 2B 55 D7 87 C8 03 E3 0D E5 9B 2F .-.Y.+U......../
        9A 46 40 F4 42 50 02 89 41 91 42 B4 79 82 80 E8 .F@.BP..A.B.y...
        4A CE D3 C7 A2 60 17 51 15 EB 89 7D 13 9C 30 FD J....`.Q...}..0.
        D0 3C FD 35 94 78 31 6A F4 3D A6 9C B2 73 B3 22 .<.5.x1j.=...s."
        60 E9 DE 9A 3C 31 C7 88 29 ED 2B CF 27 70 0B 67 `...<1..).+.'p.g
        B1 69 D0 16 21 43 C2 A2 49 0C 9C 35 67 C2 .i..!C..I..5g.

        ---------------------------------------------------------------------------

        Obviously, if you can read or figure out any of the text then encryption is not happening!

        Comment
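The dump in post #4 can be checked mechanically rather than by eye: its first five bytes, 17 03 01 00 69, read as an SSL/TLS record header (application data, version 3.1, 105 bytes), and the rest has the byte entropy of ciphertext. The Python below is an added example, not part of the original thread; the function names, the 5.5 threshold and the PLAINTEXT sample are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Hex column of the payload in the Snort dump from post #4.
DUMP = """\
17 03 01 00 69 A9 4A 85 E6 0A BF C8 58 69 B2 4D
84 2D A4 59 DD 2B 55 D7 87 C8 03 E3 0D E5 9B 2F
9A 46 40 F4 42 50 02 89 41 91 42 B4 79 82 80 E8
4A CE D3 C7 A2 60 17 51 15 EB 89 7D 13 9C 30 FD
D0 3C FD 35 94 78 31 6A F4 3D A6 9C B2 73 B3 22
60 E9 DE 9A 3C 31 C7 88 29 ED 2B CF 27 70 0B 67
B1 69 D0 16 21 43 C2 A2 49 0C 9C 35 67 C2
"""
# Constructed sample (not from the thread): query text as UTF-16LE, the
# encoding SQL Server uses for batch text when the connection is unencrypted.
PLAINTEXT = "SELECT name FROM sys.databases".encode("utf-16-le")
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def payload_bytes(dump):
    """Collect payload bytes from snort -d output; header lines and the ASCII column are skipped."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*((?:[0-9A-Fa-f]{2}\s+){1,16})", line + " ")
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def tls_record(data):
    """Return (type, (major, minor), length) if data begins with an SSL/TLS record header."""
    if len(data) < 5 or data[0] not in TLS_TYPES or data[1] != 3:
        return None
    return TLS_TYPES[data[0]], (data[1], data[2]), int.from_bytes(data[3:5], "big")

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits near the maximum for its length."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(data, threshold=5.5):
    # Payloads under about 46 bytes cannot reach 5.5 bits per byte, so judge longer ones.
    rec = tls_record(data)
    if rec and rec[2] == len(data) - 5:  # header length field matches the captured payload
        return "tls " + rec[0]
    return "high entropy" if entropy(data) >= threshold else "plaintext-like"

if __name__ == "__main__":
    for name, data in (("post #4 dump", payload_bytes(DUMP)), ("plaintext", PLAINTEXT)):
        print(name, len(data), tls_record(data), round(entropy(data), 2), classify(data))
```

On SQL Server's own port the TLS handshake is carried inside TDS pre-login packets, so the record-header check applies to payloads sent after the handshake; the entropy check works on any payload of reasonable length.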
