Re: [Nbd] tech documentation
- To: nbd-general@lists.sourceforge.net
- Subject: Re: [Nbd] tech documentation
- From: Phil Howard <phil-nbd-general@...98...>
- Date: Thu, 19 Oct 2006 16:24:59 -0500
- Message-id: <20061019212458.GA5623@...100...>
- In-reply-to: <20061019192312.GC15959@...39...>
- References: <20061018194520.GA14013@...99...> <20061019101542.GJ5591@...39...> <20061019110925.GK5591@...39...> <20061019122918.GA32086@...100...> <20061019131936.GB7310@...39...> <20061019164919.GA3774@...100...> <20061019192312.GC15959@...39...>
On Thu, Oct 19, 2006 at 09:23:12PM +0200, Wouter Verhelst wrote:
| > Obviously, there is no security in this. The administrator is clearly
| > responsible for confining the connection to a safe and trusted network.
|
| Yes, absolutely. nbd-server has a minimal way to limit something to a
| given IP address, but that's not very advanced; having something else to
| limit the connection (a firewall, probably) is an absolute requirement
| whenever security is a concern.
I could at least add some code that expands that test a bit by allowing
a CIDR format specified subnet range.
| > It does seem quite simple. I'll try first to make a dissector in the form
| > of a formatter for my tcprelay program, and use that to work up understanding
| > what all is happening.
|
| That'd work :-)
|
| > What form of dissector would you have wanted:
|
| Ethereal is a sniffer, with support for loads of network protocols; it
| can visualize them, and allow you to see what is going over the wire
| without requiring access to one or the other end. Obviously it requires
| access to some point in between; but obviously anything like a hub,
| managed switch, or 10BASE2 cable will work.
|
| An ethereal dissector is a module that gets compiled into it and which
| decodes a specific protocol, so that you can see the value of all the
| fields and whatnot. I had a look at it once, and the API is so that you
| can say "I have a protocol which is situated in this layer"; ethereal
| will then only give you the data from that layer, so the IP and/or TCP
| decoding is already done.
Strange. I've never heard of Ethereal. I'll have to go look at it.
I tend to not like sniffers like that for the TCP/SCTP layers. The reason
is because it can lose packets. Since it isn't participating in the TCP
or SCTP layer protocol, it can't request recovery, and thus get out of
sync. If what it loses is an NBD header, it won't know where the next
header is in what data it does manage to get.
| That being said...
|
| > 5. Something to dissect/format captured data from a tcprelay intercept
| > program?
|
| ... anything which can read libpcap data and format it somehow would
| work, too; it doesn't /have/ to be ethereal (though I know that best).
| But if you use that, it will do the IP and TCP decoding for you, so that
| you can focus on "just" the NBD bits.
That's certainly what I would want to focus on.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
Reply to: