 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
SSH tunel problem |
 |
 Posted: Fri Apr 07, 2006 9:15 am |
 |
|
| michalkubik |
| Beginner |
 |
|
| Joined: Apr 07, 2006 |
| Posts: 1 |
|
|
|
 |
|
 |
|
Hi, i'm getting desperate
Situation description:
I have 2 computers, they are connected over the switch .
Computer A has:
ip 192.168.0.6 name hostA
there is running SSH server
server part of my TCP/Ip application, listening on port 36000
Computer B has:
ip 192.168.0.14 name hostB
there is running SSH client
client part of my TCP/IP application, sending data on port 36000
I create on host B SSH tunnel with port forwarding by command
ssh -L 34000:hostA:36000 hostB
Afterwards i connect from my client application on ip 127.0.0.1 and port 34000
Until here everything is OK.
Problem description :
I wanted to be sure that my datas are encrypted, so i installed on hostB network monitor, called Ethereal and i can see all my datas, i mean not encrypted as they are going from 192.168.0.14 to 192.168.0.6
Could it be possible that net monitor capture data before the "get into" tunnel and they are encrypted?
Or where else could be the problem?
I also tryed to run net monitor on 3rd computer, but all computers are connected to the switch, so i can not capture communication betwean hostA and host B.
Thanks for help,
Michal |
|
|
|
|
|
|
|
|
| Posted: Fri Apr 07, 2006 12:17 pm |
|
|
| fizzi |
| Advanced user |
|
|
| Joined: Sep 14, 2005 |
| Posts: 55 |
|
|
|
|
|
|
|
Perhaps, i dunno ssh much, your data sent to host B which forwards to host A are not beeing encrypted, which is in fact a design flaw. is the data sending host B to host A encrypted? also it could be possible, that your tcp/ip sniffer is too intelligent, meaning it sniffs your ssl packets and decrypts all the data in time, giving you the nice output you would expect to see.
perhaps you want to try tcpdump. (i guess you are using ethereal) |
|
|
|
|
|
|
|
|
| Posted: Fri Apr 07, 2006 12:42 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
All is ok! This is exactly how SSH tunneling works. Because all the data, you are sending FROM client program TO ssh client, is NOT protected by ssh encryption. So your sniffer in HostB actually sees plaintext data before entering SSH tunnel. Now, data between HostAand HostB is encrypted and you can test that by sniffing that traffic. Maybe the switch has special "management port" or you have other possibilities to sniff gobal traffic:
http://www.effetech.com/help/sniffer-faq.htm
You can even try ARP poisoning:
http://www.grc.com/nat/arp.htm
But im sure, that after you have sniffed traffic between HostA and HostB, you will see encryption in place  |
|
|
|
|
|
Re: SSH tunel problem |
|
| Posted: Thu Apr 13, 2006 10:02 am |
|
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
| michalkubik wrote: | Hi, i'm getting desperate
Situation description:
I have 2 computers, they are connected over the switch .
Computer A has:
ip 192.168.0.6 name hostA
there is running SSH server
server part of my TCP/Ip application, listening on port 36000
Computer B has:
ip 192.168.0.14 name hostB
there is running SSH client
client part of my TCP/IP application, sending data on port 36000
I create on host B SSH tunnel with port forwarding by command
ssh -L 34000:hostA:36000 hostB
Afterwards i connect from my client application on ip 127.0.0.1 and port 34000
Until here everything is OK.
Problem description :
I wanted to be sure that my datas are encrypted, so i installed on hostB network monitor, called Ethereal and i can see all my datas, i mean not encrypted as they are going from 192.168.0.14 to 192.168.0.6
Could it be possible that net monitor capture data before the "get into" tunnel and they are encrypted?
Or where else could be the problem?
I also tryed to run net monitor on 3rd computer, but all computers are connected to the switch, so i can not capture communication betwean hostA and host B.
Thanks for help,
Michal |
its oke if u still can read the data , coz u sniff it from where the data send and before the data enter the tunneling where the ssh encryption is work, to be able find the exacly what happen u need to tap in the midlle , another simple ways u can use a HUB and make three connection host A (server) , host B (client) and host C (where u do your sniff action), and u will find an encryption data
remember dont use a switch, use hub to prove it  |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 213
Members: 0
Total: 213
