one trick I've used, which gives me a 'hint' of whether or not applications are really ecrypting, or just some form of compression/encoding is to attempt to send a HUGE block of a single character.. say 10000 'a's or something like that.. doesn't always work... but sometimes I'll see a huge block of some repeating pattern in the data stream... which means no encryption.. Sort of a 'known plaintext attack'. From there, you can try different plaintext blocks.. and can sometimes figure out the encoding.
Not very scientific mind you... but occaisonally useful - jim On 3 Apr 2003 15:31:40 -0000 J J <[EMAIL PROTECTED]> wrote: > > > Dear all, > > I have been sniffing at the communication between the client and the > server part of a CRM-software that I support at work. Being that I at > times get questions about the network security pertaining to this product, > I wanted to see if it is possible to pinpoint where specific data such as > login names, passwords (or software specific commands that an > administrator can send from the client) are located within the packets > sent by the client. > > The product uses a proprietory protocol, and looking at the data with > tools such as Ethereal and the Ufasoft Sniffer surely did not reveal > anything in clear text. I did also try converting my username to hex and > looking for that as well, but did not find anything. > > So now I am at the situation where I do not know what to do next in order > to further analyze the packets that I have captured (they are exported to > a text and an .xml file). What sort of operations could one do with this > sort of data? or would it help to get a packet analyzer? > > thanks for any advice, > > JJ > > ------------------------------------------------------------------- > SurfControl E-mail Filter puts the brakes on spam, > viruses and malicious code. Safeguard your business > critical communications. Download a free 30-day trial: > http://www.securityfocus.com/SurfControl-security-basics > ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
