Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] [Full-disclosure] SniffJoke 0.3 release and requestfor feedb

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Sake Blok" <sake@xxxxxxxxxx>
Date: Mon, 27 Apr 2009 16:45:54 +0200
As the purpose of Wireshark is to display network traffic to analyse problems, I see no use in competing in a race to cloak and uncloak traffic with Sniffjoke. That would put Wireshark in the list of cracking tools which might have a negative effect on the places where it is allowed to be used. So I would not consider this a bug and I would *not* consider being able to reassemble Sniffloke traffic a feature to implement. 

Just my $0.02


Sake
----- Original Message ----- From: "Joerg Mayer" <jmayer@xxxxxxxxx> 
To: <wireshark-dev@xxxxxxxxxxxxx>
Sent: Monday, April 27, 2009 3:53 PM
Subject: [Wireshark-dev] [Full-disclosure] SniffJoke 0.3 release and requestfor feedback (forw) 



Should it be considered a bug if WS can be fooled by a tool like Sniffjoke
to incorrectly reassemble a TCP stream?
The webpage has two sample traces that seem to be handeled incorrectly by
HEAD indeed.

Ciao
  Joerg
----- Forwarded message from vecna <vecna@xxxxxxxxxx> -----

Delivered-To: jmayer@xxxxxxxxxxxxxxxxxxxxxxxxx
Delivered-To: full-disclosure@xxxxxxxxxxxxxxxxx
Date: Wed, 15 Apr 2009 09:27:39 +0200
From: vecna <vecna@xxxxxxxxxx>
Organization: SALVIA & MENTA, azione TOTALE, aiuta a prevenire placca, carie 
e disturbi gengivali.
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] SniffJoke 0.3 release and request for feedback
Errors-To: full-disclosure-bounces@xxxxxxxxxxxxxxxxx

Some days ago I've relased this:

SniffJoke is a "connection scrambler" for Linux with the purpose of
preventing packet sniffers from reassemble network sessions of the user.
The "sniffer evasion" technology is well known since almost 10 years.
SniffJoke implements the most efficents techniques. Using a local fake
tunnel it is able to manage outgoing and ingoing packets without
disturbing the kernel. With the local web interface the user can easily
start/stop and configure SniffJoke. At the moment, Wireshark, the most
famous packet analyzer, is unable to correctly reconstruct TCP flow
mangled by SniffJoke. I would like to update the list of victim
sniffers, so please send me a report if you test SniffJoke with other
network protocol analyzers.

http://www.delirandom.net/20090402/sniffjoke-03/
http://www.delirandom.net/sniffjoke/


Any comments appreciate

Regards,
vecna




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

----- End forwarded message -----

--
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube