[SMS]

[Lars]

Hi gerasimos_h!

A question far out of line, and I must say it's perfectly allright if you say it is and don't answer!

I have got S*M*S v SMS 1.6.0 (i486) with OpenSSL 0.9.8r, libpcap version 1.1.1 and tcpdump version 4.1.1 installed and working.

I cannot find a working version of ssldump that works in my S*M*S? It seems Slackware dropped the package after version 10 and the newer versions are built for x86_64 only.

Tried to install ssldump-0.9b3-i686-1aba.tgz but trying to run it comes out with:
"ERROR: Couldn't create network handler"

Tried to install the same version -ssldump-0.9b3- from sourcecode but fails in "make" at:
"make: *** [pcap-snoop.o] Error 1"

probably a version-problem related to libpcap (that works with tcpdump).

I found the tool tcpdump very useful and wanted to install ssldump mainly for monitoring the ssl-traffic from my https-site.

And, as I said, even if I should be glad if you could help me out, it's perfectly OK if you think it is out of line!

Best regards
Lars

[gerasimos_h]

As long as you are using SMS you are not out of line
If you were using another distribution and you were asking for help, then I suppose you should be out of line.

ssldump is an old package, the slackbuild from slacky.eu it's working
http://repository.slacky.eu/slackware64-13.37/network/ssldump/20050329/src/
since it's using latest CVS from 2005.
Just change you arch to i486 in slackbuild.

I have some builds of wireshark which I'm thinking adding them in extra since it's about 8.5MB and they have GUI.

If you want to build it just use the slackbuild from
http://slackbuilds.org/repository/13.37/network/wireshark/

gerasimos_h

[Lars]

Hurrah! it's working!
Primarily I just get an error: Length mismatch, but I think it's because I'm not handling it correctly!

This -ssldump Slackbuild- was really something I learned something from! I had seen this script but didn't dare to use it because it was old, it was x86_64, it was not packed and I didn't know how to find the src.

Does the script, as it seems, fetch the src from sourceforge?

Anyway, I had ssldump 09b.tar.gz (the one I tried to install sourcecode way), put it in the same directory as the ssldump.Slackbuild, changed the architecture as you said. And it worked ! (Had been occupied with ssldump for at least 8 hours before I asked you)

The other tool you suggest, seems heavy, but competent? Do you know if it can decrypt the traffic like ssldump?

In fact I tried the Slackbuild you suggested yesterday, but got stuck at the dependency of GTK+ 2.4 that I couldn't find anywhere, just 2.24, so I installed the package wireshark-1.6.5-i486-1sl.txz, that depended of:
c-ares-1.7.5-i686-1cf.txz
heimdal-libraries-1.4-i486-2gsb.txz
krb5-1.9.1-i486-3sl.txz
libsmi-0.4.8-i486-3sl.txz
lua-5.1.4-i686-4cf.txz
portaudio-20110326-i486-1sl.txz
that I installed and finally got wireshark working, but stripped of all the help menus and some malfunctions as |cannot execute child process "xdg-open"|, |Error during loading:
[string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled"| and a warning running it as root when I on the other hand cannot monitor eth0 running it as a user?

But, is it good at monitoring and do you know if it can decrypt the traffic?

Again gerasimos: Thank you! Now I know better what you think is out of line


Lars

[gerasimos_h]

ssldump:
The script fetch source from svn, same as downloading from
http://ssldump.cvs.sourceforge.net/ssldump/

wireshark:
Yes, it supports ssl/tls decrypt.
I'm syncing current which it has wireshark, I haven't test it at older versions though of SMS, but might work.

By the way you tried slackbuild from slacky.eu, I suggest from slackbuilds.org
slacky's build has kerberos, lua which might cause problems.

To run it as user and have full permissions start it with

[Lars]

Well, tried again, but as I described above I got stuck at GTK+2.4-dependency:

[gerasimos_h]

Run this code to check gtk+, if output is '0' you are ok if it's '1' something is wrong.

[Lars]

Good morning !

Output of
# pkg-config --atleast-version=2.4 gtk+-2.0 && echo $?
0
So it seems everything was OK with the GTK+. I didn't dare reinstall it if anything should go wrong since i thought that many other applications depend on it.

However, tried your wireshark version for SMS 1.6.5 and as much I can evaluate here and now, it really seems to work ! The errors with "cannot execute child process "xdg-open" and "string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled" are gone, have access to the man and help files through the gui, and capture seems to work allright.

But can I ask you one more time about starting wireshark as a user with the argument

[gerasimos_h]

Assuming your user is in sudoers.
If it's not just add in /etc/sudoers.d a file with

[Lars]

!

Well thank you very muck gerasimos! I now have got a server working the way I wanted with httpd, vsftpd, both also configured with options to run SSL/TLS, and tor completed with the possiblities vidalia and polipo. That is a working http & https-server, ftp and ftps server and a tor-router, and tools to monitor my network traffic !

Perhaps I'll stop here, though my S*M*S-version is old. Perhaps I'll update it when you move to Slackware 14, not before, because I remember that the basic setup of SMS was not all that easy.

Anyway, I think you made a perfect server software with many features that I still haven't used.

Thank you for all your help with the tor softwares and the monitoring tool!

All the best!

Lars