[ale] Monitor Internet Traffic
Darrell Golliher
darrell at golliher.net
Wed Aug 12 21:18:50 EDT 2015
Thanks for all the responses, y’all. My need for sniffing has been satisfied — partly through your help and partly through some dumb luck / trial and error, I determined what I need to know about my Sharp TV.
cheers,
-Darrell
—http://golliher.net
On Wed, Aug 12, 2015 at 2:43 PM, Michael B. Trausch <mike at trausch.us> wrote:
> On Wed, 2015-08-12 at 11:31 -0700, Darrell Golliher wrote:
>> Anybody have an easy to use way to listen in on a network connection
>> that uses a line based text protocol? In other words something that
>> taps into a telnet connection, but on a custom port. I’m looking
>> for something to show me exactly what is transpiring between my
>> networked Sharp TV and the Sharp remote control app.
>>
>> I tried wireshark, though I’m completely unskilled in its use. What
>> it produces for me does not look like the text based traffic I’m
>> looking for.
> If you know the <ip:port> tuple you wish to monitor, just use tcpdump
> (which you can use to save a file to later analyze in Wireshark).
> Also, common mistake: Telnet and raw TCP stream are *NOT* the same.
> Telnet specifies a network virtual terminal on top of the TCP socket,
> and a Telnet link isn't wholly binary clean. A raw TCP stream is just
> that. It just so happens that you can often use a telnet client to
> connect to a raw TCP stream because the Telnet commands are often
> ignored by ASCII/UTF-8 based layer 7 protocols. If you want to use a
> binary-safe method that doesn't inject any extra bytes into the stream,
> use netcat, socat, or similar tools.
> However, you should note that you may not find what you're looking
> for... commands over sockets are typically encoded and/or encrypted.
> Many first-screen/second-screen device pairings use HTTPS for the RPC
> communications. They often use text-based protocols for the RPC
> itself, but that information is wrapped in an encrypted session. In
> order to analyze that successfully, you'll have to find a way to insert
> a MITM between the remote and the TV. Even for an expert that can be
> difficult to impossible; you have to get both sides to trust your MITM
> before you can successfully capture and analyze, because in some cases
> the only way to MITM is to brute-force the ability to forge a CA
> signature (infeasible) or modify the software on both ends to disregard
> the trust checks (likely also infeasible).
> No matter how you go about it, you've quite a bit of learning to do in
> order to do network taps well, even if you're just looking for a
> solution to a one-off problem. Today's operating systems and
> components are so chatty and much of the traffic is signed, encrypted,
> or both, meaning you have to have high confidence in what you're
> looking at before you start making sense of it. I highly recommend
> practicing with tcpdump before moving on to Wireshark. You'll have a
> much better understanding of the capabilities of Wireshark then, and be
> able to use it better.
> — Mike
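Mike's distinction between a Telnet session and a raw TCP stream is the one that most often trips up people looking at a line-based device protocol for the first time. The following is an added example, not code from the thread or from any Sharp software: it takes a byte stream as a Telnet client would send it, separates the RFC 854 IAC commands the client injects (option negotiation, subnegotiation, the IAC IAC escape for a literal 0xFF byte) from the application payload, and shows that what remains is exactly what a binary-clean tool such as netcat would have put on the wire. The byte strings, the command lines in them, and the function names are constructed for the example; subnegotiation parsing is simplified and does not handle an escaped 0xFF inside the subnegotiation data.

```python
"""Separate Telnet protocol commands from the application payload.

Added example (not from the ALE thread): illustrates why a Telnet client is
not a binary-clean way to look at a raw, line-based TCP protocol.  All byte
strings below are constructed, not captured from a real device.
"""
from __future__ import annotations

# RFC 854 command bytes.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
NEGOTIATION_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}


def split_telnet_stream(data: bytes) -> tuple[bytes, list[str]]:
    """Return (payload, commands) for bytes sent by a Telnet client.

    payload  - the bytes a raw TCP peer would treat as application data
    commands - human-readable Telnet commands that were interleaved with it

    Framing rules applied: IAC IAC is an escaped 0xFF data byte;
    IAC WILL/WONT/DO/DONT <opt> is a three-byte negotiation;
    IAC SB ... IAC SE is a subnegotiation (simplified: an escaped IAC
    inside the subnegotiation data is not handled); any other IAC <cmd>
    is a two-byte command.
    """
    payload = bytearray()
    commands: list[str] = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            payload.append(b)
            i += 1
            continue
        if i + 1 >= n:
            commands.append("IAC (truncated)")
            break
        cmd = data[i + 1]
        if cmd == IAC:                       # escaped literal 0xFF data byte
            payload.append(IAC)
            i += 2
        elif cmd in NEGOTIATION_NAMES:       # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= n:
                commands.append(f"IAC {NEGOTIATION_NAMES[cmd]} (truncated)")
                break
            commands.append(f"IAC {NEGOTIATION_NAMES[cmd]} {data[i + 2]}")
            i += 3
        elif cmd == SB:                      # IAC SB <option> ... IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                commands.append("IAC SB (unterminated)")
                break
            commands.append(f"IAC SB {data[i + 2:end].hex()} IAC SE")
            i = end + 2
        else:                                # e.g. IAC NOP, IAC AYT, ...
            commands.append(f"IAC {cmd}")
            i += 2
    return bytes(payload), commands


def payload_lines(payload: bytes) -> list[str]:
    """Split a line-based payload into decoded lines (CRLF or LF terminated)."""
    normalized = payload.replace(b"\r\n", b"\n")
    return [ln.decode("ascii", "replace") for ln in normalized.split(b"\n") if ln]


# Constructed sample: what a Telnet client typically puts on the wire before
# and around two made-up command lines (option 24 = TERMINAL-TYPE, 1 = ECHO).
TELNET_CLIENT_STREAM = (
    bytes([IAC, WILL, 24])
    + bytes([IAC, DO, 1])
    + b"STATUS?\r\n"
    + b"VOL 20\r\n"
)

# Constructed sample: the same two command lines sent with netcat/socat.
RAW_STREAM = b"STATUS?\r\nVOL 20\r\n"


def compare_clients() -> dict[str, object]:
    """Show that stripping the Telnet commands recovers the raw stream."""
    payload, commands = split_telnet_stream(TELNET_CLIENT_STREAM)
    return {
        "telnet_commands_injected": commands,
        "payload_matches_raw_stream": payload == RAW_STREAM,
        "lines": payload_lines(payload),
    }


if __name__ == "__main__":
    for key, value in compare_clients().items():
        print(f"{key}: {value}")
```

Running the block prints the two negotiation commands the Telnet client injected, confirms the remaining payload is byte-for-byte the netcat stream, and lists the recovered lines; seeing those extra `IAC` bytes in a capture is the tell that you are looking at Telnet framing rather than the device protocol itself.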