[#] Wed Nov 30 2011 15:10:17 EST from Spell Binder @ Uncensored


Who here proclaims to be proficient with both Wireshark and sendmail?

Yesterday I was trying to debug an issue with one of our Linux hosts sending e-mail to our corporate mail server. My first instinct was to grab a trace of the SMTP session via tcpdump. I was quickly foiled when sendmail decided to do a "STARTTLS."

Before I go any further, I did eventually decide to just disable TLS in the sendmail config so I could get a plain-text capture.

Before I got to that point, though, I tried to get Wireshark to decrypt the TLS session to no avail. I found instructions on Wireshark's website about how to configure it to use a key file, but I think my issue was that I was never able to figure out where exactly sendmail gets its keys from. I was able to find in the sendmail.mc file where all the certificate and key files and directories are configured (/etc/pki/tls/certs), but when I checked in that directory, the only file that exists is ca-bundle.crt, which contains a bunch of certificates. None of the .pem files that were referenced exist.

From poking around, I did find a localhost.key in the /etc/pki/tls/private directory, but when I tried that with Wireshark, it still wasn't able to decrypt the session.

Is this a case where I would need the private key for the corporate e-mail server? Or did I just not grab the right key file from the host?
TLS Binder

[#] Wed Nov 30 2011 15:13:39 EST from Spell Binder @ Uncensored


I almost forgot to mention that the Linux host is running Fedora release 11 (Leonidas).

[#] Wed Nov 30 2011 16:19:53 EST from IGnatius T Foobar @ Uncensored


I would imagine that in order to get a protocol analyzer to decrypt TLS -- which is *exactly* what TLS is intended to prevent -- you would need to know the private keys used by *both* parties. Each host encrypts transmissions to the other host using the other host's public key, which is derived from its private key ... so you need to know both private keys, and also which is which.

It's much easier to simply turn off TLS while troubleshooting, unless that *is* the source of the problem (which it occasionally is).

[#] Thu Dec 01 2011 18:22:11 EST from LoanShark @ Uncensored



It's even harder, if both ends negotiated an Ephemeral Diffie-Hellman cipher suite. In this case, a temporary DH keypair is created by each end, and authenticated with the private RSA key. You can't know the temporary private key, because presumably it is only stored in RAM long enough for the key exchange to take place, and then thrown away. So you need to be able to mount an active MITM attack in this case, even just to observe traffic.

[#] Thu Jan 12 2012 15:05:29 EST from Ford II @ Uncensored


yeah man in the middle solves lots of problems, there should be a standard...

[#] Sat Feb 11 2012 12:41:20 EST from IGnatius T Foobar @ Uncensored



host -t aaaa fedoraproject.org


[#] Wed Feb 15 2012 23:30:32 EST from ax25 @ Uncensored


Dead beef cafe - ha.

Miss old "dead dad" we used to use for the IPX/SPX address on the Novell test server back in the day.



[#] Wed Mar 21 2012 10:45:50 EDT from LoanShark @ Uncensored



Does anyone have strongSwan interoperating with Windows 7's VPN client in IKEv2 mode? Fought with that for half of yesterday and lost :(

[#] Wed Mar 21 2012 15:36:19 EDT from the8088er @ Uncensored


My High School's WEP key incorporated the phrase "deadbadbeef".

[#] Wed Mar 21 2012 17:11:39 EDT from IGnatius T Foobar @ Uncensored



<yorkshire accent>

You were lucky to have wifi! When I was in high school we had to carry floppy disks around.

</yorkshire accent>

[#] Wed Mar 21 2012 22:29:54 EDT from IGnatius T Foobar @ Uncensored


That's no fail, that's a Real Computer (tm). Check it out at http://ripsaw.cac.psu.edu/~mloewen/Oldtech/Tandy/Model6000HD.html

*sigh*

I miss computers :(

[#] Thu Mar 22 2012 11:06:19 EDT from Freakdog @ Dog Pound BBS II


 

Wed Mar 21 2012 05:11:39 PM EDT from IGnatius T Foobar @ Uncensored

<yorkshire accent>

You were lucky to have wifi! When I was in high school we had to carry floppy disks around.

</yorkshire accent>

Uphill, in the snow, both ways.



[#] Mon Mar 26 2012 03:11:17 EDT from the8088er @ Uncensored


<yorkshire accent>

Floppies? Aye! You were luckey to have FLOPPIES!

[#] Wed Mar 28 2012 09:29:18 EDT from IGnatius T Foobar @ Uncensored


Well, they weren't floppy *disks* ... they were fish that were flopping around.
We would have been lucky if we had floppies. I had to get up early every morning and catch some fish, bring them back to the computer room, and write 1's or 0's on each fish.

[#] Wed Mar 28 2012 12:33:21 EDT from zooer @ Uncensored


And all your data went bad if the fish suffered from bait rot.

[#] Thu Mar 29 2012 14:13:38 EDT from IGnatius T Foobar @ Uncensored


I know a great UDP joke but you might not get it.

[#] Fri Mar 30 2012 08:14:50 EDT from zooer @ Uncensored


Try the TCP version on me first.

[#] Fri Mar 30 2012 16:45:16 EDT from IGnatius T Foobar @ Uncensored


Did you say you want to hear the TCP version first?

[#] Sun Apr 01 2012 13:12:36 EDT from Uncle Dave @ Dog Pound BBS II

Subject: Tandy 600HD


I had a Tandy 600HD back in the 90's.  It ran Xenix.  I never thought I'd see one again.  It was the coolest looking computer I ever owned.  I wish I would have kept it......sigh.

 


