SMS Forum Index » SMS User Support
ssldump
Lars
Senior Member


Joined: 25 Oct 2010
Posts: 136

Posted: Thu Mar 15, 2012 11:28 am    Post subject: ssldump

Hi gerasimos_h!

A question far out of line, and I must say it's perfectly all right if you say it is and don't answer!

I have got S*M*S v SMS 1.6.0 (i486) with OpenSSL 0.9.8r, libpcap version 1.1.1 and tcpdump version 4.1.1 installed and working.

I cannot find a version of ssldump that works in my S*M*S. It seems Slackware dropped the package after version 10, and the newer versions are built for x86_64 only.

Tried to install ssldump-0.9b3-i686-1aba.tgz but trying to run it comes out with:
"ERROR: Couldn't create network handler"

Tried to install the same version (ssldump-0.9b3) from source code, but it fails in "make" at:
"make: *** [pcap-snoop.o] Error 1"

Probably a version problem related to libpcap (which works with tcpdump).

I found the tool tcpdump very useful and wanted to install ssldump mainly for monitoring the SSL traffic from my HTTPS site.

And, as I said, even if I should be glad if you could help me out, it's perfectly OK if you think it is out of line!

Best regards
Lars
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Thu Mar 15, 2012 5:11 pm

As long as you are using SMS you are not out of line ;)
If you were using another distribution and you were asking for help, then I suppose you should be out of line.

ssldump is an old package; the SlackBuild from slacky.eu is working:
http://repository.slacky.eu/slackware64-13.37/network/ssldump/20050329/src/
since it uses the latest CVS from 2005.
Just change your arch to i486 in the SlackBuild.

I have some builds of Wireshark which I'm thinking of adding to extra, since it's about 8.5MB and they have a GUI.

If you want to build it, just use the SlackBuild from
http://slackbuilds.org/repository/13.37/network/wireshark/

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Lars
Senior Member


Joined: 25 Oct 2010
Posts: 136

Posted: Thu Mar 15, 2012 7:18 pm

Hurrah! :D It's working!
Primarily I just get an error, "Length mismatch", but I think it's because I'm not handling it correctly!

This ssldump SlackBuild was really something I learned from! I had seen this script but didn't dare to use it because it was old, it was x86_64, it was not packaged and I didn't know how to find the src.

Does the script, as it seems, fetch the src from sourceforge?

Anyway, I had ssldump 09b.tar.gz (the one I tried to install the source code way), put it in the same directory as the ssldump.SlackBuild, and changed the architecture as you said. And it worked! (I had been occupied with ssldump for at least 8 hours before I asked you.)

The other tool you suggest seems heavy, but competent? Do you know if it can decrypt the traffic like ssldump?

In fact I tried the SlackBuild you suggested yesterday, but got stuck at the GTK+ 2.4 dependency, which I couldn't find anywhere, just 2.24, so I installed the package wireshark-1.6.5-i486-1sl.txz, which depended on:
c-ares-1.7.5-i686-1cf.txz
heimdal-libraries-1.4-i486-2gsb.txz
krb5-1.9.1-i486-3sl.txz
libsmi-0.4.8-i486-3sl.txz
lua-5.1.4-i686-4cf.txz
portaudio-20110326-i486-1sl.txz
I installed those and finally got Wireshark working, but stripped of all the help menus and with some malfunctions such as "cannot execute child process "xdg-open"", "Error during loading:
[string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled"
and a warning when running it as root, when on the other hand I cannot monitor eth0 running it as a user?

But, is it good at monitoring and do you know if it can decrypt the traffic?

Again, gerasimos: thank you! Now I know better what you think is out of line ;)

Lars
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Thu Mar 15, 2012 9:12 pm

ssldump:
The script fetches the source from svn, same as downloading from
http://ssldump.cvs.sourceforge.net/ssldump/

wireshark:
Yes, it supports SSL/TLS decryption.
I'm syncing current, which has Wireshark; I haven't tested it on older versions of SMS though, but it might work.

By the way, you tried the SlackBuild from slacky.eu; I suggest the one from slackbuilds.org.
slacky's build has kerberos and lua, which might cause problems.

To run it as a user and have full permissions, start it with
Code:
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap


gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Lars
Senior Member


Joined: 25 Oct 2010
Posts: 136

Posted: Thu Mar 15, 2012 9:31 pm

Well, tried again, but as I described above I got stuck at the GTK+ 2.4 dependency:
Code:
configure: error: GTK+ 2.4 or later isn't available, so Wireshark can't be compiled

and couldn't find any newer version than 2-2.4...? Or is that version 2.4, and there is a problem with my GTK installation?

Lars
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Fri Mar 16, 2012 6:54 am

Run this code to check gtk+; if the output is '0' you are OK, if it's '1' something is wrong.
Code:
pkg-config --atleast-version=2.4 gtk+-2.0; echo $?   # ';' rather than '&&', so the exit status is printed in the failing case too


That's gtk+2-2.24.4, so you are OK.
You can try to install the gtk+2 package again to see if this fixes it.

You can also try the build from extra:
http://sms.it-ccs.com/isos/SMS-Current/extra/packages/wireshark-1.6.5-i486-1sms.txz
But I doubt it will work correctly.


gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Lars
Senior Member


Joined: 25 Oct 2010
Posts: 136

Posted: Fri Mar 16, 2012 9:41 am

Good morning ;) !

Output of
# pkg-config --atleast-version=2.4 gtk+-2.0 && echo $?
0
So it seems everything was OK with the GTK+. I didn't dare reinstall it in case anything should go wrong, since I thought that many other applications depend on it.

However, I tried your Wireshark version for SMS 1.6.5 and, as far as I can evaluate here and now, it really seems to work :D ! The errors "cannot execute child process "xdg-open"" and "string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled" are gone, I have access to the man and help files through the GUI, and capture seems to work all right.

But can I ask you one more time about starting Wireshark as a user with the argument
Code:
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Perhaps I do not set it right, but the best answer I get is when setting it with
$ wireshark -setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
wireshark: The specified snapshot length "etcap" isn't a decimal number

All other ways I could think of returned me to the Wireshark "usage" section?

Regards
Lars
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Fri Mar 16, 2012 11:16 am

This assumes your user is in sudoers.
If it's not, just add in /etc/sudoers.d a file with
Code:
youruser  ALL=/sbin/setcap

or add the above line to /etc/sudoers.

To start Wireshark, enter
Code:
sudo /sbin/setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap && wireshark


gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
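A shell example, added here and not from the thread, for the capability approach in the two posts above (setcap on dumpcap, then sudo to apply it): dumpcap_caps_ok checks a getcap(8) output line for both capabilities, and apply_dumpcap_caps does the one-time root setup. File capabilities stay on the binary until it is replaced (for instance by a package upgrade), so they need not be re-applied at every Wireshark start; the "wireshark" group used to limit who may run the capable binary is an assumption, not something from the posts.

```sh
#!/bin/sh
# Added example (not from the thread): check and, as root, apply the
# capability-based non-root capture setup described in the posts above.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}   # path taken from the post

# dumpcap_caps_ok LINE: return 0 if a getcap(8) output line grants both
# cap_net_raw and cap_net_admin with the e, i and p flags, else 1.
# Both getcap output styles are accepted:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer libcap)
dumpcap_caps_ok() {
    caps=${1##* }                        # last field: the capability string
    case $caps in                        # split names from flag letters
        *=*) names=${caps%%=*}; flags=${caps##*=} ;;
        *+*) names=${caps%%+*}; flags=${caps##*+} ;;
        *)   return 1 ;;                 # no capabilities set at all
    esac
    for need in cap_net_raw cap_net_admin; do
        case ",$names," in
            *",$need,"*) ;;
            *) return 1 ;;
        esac
    done
    for f in e i p; do                   # all three sets must be present
        case $flags in
            *"$f"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# apply_dumpcap_caps: one-time root setup. File capabilities stay on the
# binary until it is replaced (e.g. a package upgrade), so this does not
# need to run at every Wireshark start. Restricting dumpcap to a group
# (the name "wireshark" is an assumption) keeps raw capture away from
# every other local user instead of granting it machine-wide.
apply_dumpcap_caps() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_dumpcap_caps: run as root" >&2; return 1; }
    getent group wireshark >/dev/null 2>&1 || groupadd wireshark
    chgrp wireshark "$DUMPCAP" && chmod 750 "$DUMPCAP" &&
    setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP" &&
    dumpcap_caps_ok "$(getcap "$DUMPCAP")"   # verify what was actually set
}
```

Afterwards a member of the group runs wireshark as an ordinary user with no sudo at all; dumpcap_caps_ok "$(getcap /usr/bin/dumpcap)" is a quick way to confirm the capabilities survived a package upgrade.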
Lars
Senior Member


Joined: 25 Oct 2010
Posts: 136

Posted: Fri Mar 16, 2012 1:36 pm

:D !

Well, thank you very much gerasimos! I now have got a server working the way I wanted, with httpd and vsftpd, both also configured with options to run SSL/TLS, and Tor complete with the possibilities vidalia and polipo. That is a working HTTP & HTTPS server, FTP and FTPS server and a Tor router, and tools to monitor my network traffic :) !

Perhaps I'll stop here, though my S*M*S version is old. Perhaps I'll update it when you move to Slackware 14, not before, because I remember that the basic setup of SMS was not all that easy.

Anyway, I think you made a perfect server software with many features that I still haven't used.

Thank you for all your help with the Tor software and the monitoring tool!

All the best!

Lars
All times are GMT + 2 Hours
SMS - Superb! Mini Server Project © 2016
Powered by phpBB © 2001, 2002 phpBB Group
iCGstation v1.0 Template By Ray © 2003, 2004 iOptional