Posted to users@tomcat.apache.org by André Warnier <aw...@ice-sa.com> on 2009/03/17 20:02:43 UTC
tracing port to port
Hi.
I know this is only tenuously Tomcat-related, and apologise in advance.
I'll be content with one-liners.
I have to trace the byte data that circulates back and forth between a
Tomcat servlet (the tenuous connection) and a separate Java daemon to
which the servlet establishes this connection. Both are running on the
same Linux host. My purpose is legitimate, but I do not have the source
code of either of these modules. I would like to be able just to figure
out in as readable a way as possible, what charset/encoding is being
used in one direction and in the other (not necessarily the same). I am
not interested in the TCP protocol details, just the data inside the
packets. A tool that shows what is being exchanged in the least cryptic
way possible would have my preference, and one that allows me to choose
the charset in which I display ditto would be even better.
Which one would you here gurus recommend ?
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: tracing port to port
Posted by Gregor Schneider <rc...@googlemail.com>.
André,
two questions:
what type of connection is the servlet using? Is it RMI, Socket, something else?
If you're not happy with Wireshark, there might be an approach which
takes a bit more effort but might work in case the Java-classes are
not obfuscated:
Talking RMI:
- try to decompile the Java-classes from the war (nice software to do
that might be http://java.decompiler.free.fr or simply try JAD)
- find the RMI-interfaces
- write an RMI-proxy which dumps the information using either
console-output or log4j or whatever you like
- after that, forward the RMI-information from the proxy to the Java-Demon
Cheers
Gregor
--
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Re: tracing port to port
Posted by André Warnier <aw...@ice-sa.com>.
Filip Hanik - Dev Lists wrote:
> wireshark.org
>
Thanks.
I had seen that name several times, but it is only yesterday that
someone told me that this was the new name for Ethereal.
RE: tracing port to port
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: André Warnier [mailto:aw@ice-sa.com]
> Subject: Re: tracing port to port
>
> how does Wireshark figure out if the contents of a packet
> are HTTP or not ? It must be either "heuristic" by sniffing
> the content, or else just by the port in use ?
It does both. The protocol determination and analysis are extremely clever; even for SMB work, it's way better than Microsoft's NetMon.
- Chuck
[OT] RE: tracing port to port
Posted by Peter Crowther <Pe...@melandra.com>.
> From: André Warnier [mailto:aw@ice-sa.com]
> I think I'll have to refresh my TCP knowledge base, to see if there is
> any byte somewhere in a TCP header specifying the internet protocol.
> But I don't think so.
Sort of :-). The nearest you get is the four bytes specifying the source and destination port numbers - though as you already know that's subject to considerable latitude in interpretation! In particular, if one of those values is a well-known port (http://www.iana.org/assignments/port-numbers), the corresponding protocol RFC-SHOULD* be in use....
- Peter
* Acronym decoder for those who are about to complain: Internet Engineering Task Force (IETF) Requests for Comments (RFCs) frequently make use of MUST, SHOULD, MAY, SHOULD NOT or MUST NOT (capitalised in that way) to indicate how a "correct" system behaves. This has entered some more general Internet parlance, so RFC-SHOULD can be taken to mean "SHOULD as defined in RFC 2119 (http://www.ietf.org/rfc/rfc2119.txt)".
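The point made in the two replies above, as an added example (not code from any poster, and not Wireshark's dissector logic): a TCP header carries only the two port numbers, so the payload protocol has to be guessed from the port, from the content, or from both. The port table excerpt, the HTTP prefixes and the sample segments are constructed for the illustration.

```python
import struct

WELL_KNOWN = {25: "smtp", 80: "http", 443: "https"}  # tiny excerpt, for illustration
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")

def parse_tcp(segment: bytes):
    """Return (source port, destination port, payload) of one TCP segment."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    # Bytes 0-3 are the two ports; no header field names the payload protocol.
    sport, dport, _seq, _ack, off_flags = struct.unpack_from(">HHIIH", segment)
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return sport, dport, segment[header_len:]

def guess_protocol(segment: bytes):
    """Return (guess from port, guess from content); either may be None."""
    sport, dport, payload = parse_tcp(segment)
    by_port = WELL_KNOWN.get(dport) or WELL_KNOWN.get(sport)
    by_content = "http" if payload.startswith(HTTP_PREFIXES) else None
    return by_port, by_content

def make_segment(sport: int, dport: int, payload: bytes) -> bytes:
    """Build a constructed 20-byte header (no options, PSH|ACK) plus payload."""
    header = struct.pack(">HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 65535, 0, 0)
    return header + payload

# Constructed samples: HTTP on an unregistered port, ad-hoc text on port 80.
HTTP_ON_8081 = make_segment(40000, 8081, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n")
ADHOC_ON_80 = make_segment(40001, 80, b"hello daemon\n")
```

The two samples show the guesses disagreeing in both directions: the port says nothing about the first, and says "http" about a payload that is not HTTP in the second.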
Re: tracing port to port
Posted by André Warnier <aw...@ice-sa.com>.
Gregor Schneider wrote:
>
> If I understand André correctly, he wants to find out the encoding
> during the communication between servlet & java-demon - I doubt that
> this goes as HTTP over the wire.
True. It's not HTTP.
In fact it is .. well .. nothing, apart from TCP. The servlet just opens
a socket to the external daemon, and writes to it with a PrintWriter.
Which kind of begs the question : how does Wireshark figure out if the
contents of a packet are HTTP or not ? It must be either "heuristic" by
sniffing the content, or else just by the port in use ? But that's kind
of risky, no ?
I think I'll have to refresh my TCP knowledge base, to see if there is
any byte somewhere in a TCP header specifying the internet protocol.
But I don't think so.
>
> @André:
>
> Maybe you could give a more detailed description of your problem, so
> that we might come up with some more helpful ideas?
Well, I realise now that my description, and wishes, were kind of
stupid, particularly the bit about displaying in some specific encoding.
I wrote that late at night though ;-)
Of course I can do that by changing my locale and my terminal emulation
I guess.
Duh.
Can one delete one's post from the Tomcat list archives, or is it
preserved for posterity ? Please ?
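For the situation described in this message (text written to a bare socket, charset unknown and possibly different per direction), an added example that is not part of the original post: it checks which charset family each direction's captured bytes are consistent with, and renders them in a charset of your choice. The payloads and direction names are constructed; real input would be the raw payload bytes saved from the capture.

```python
# Constructed payloads, one per direction. \u escapes keep this file ASCII-only.
TO_DAEMON = "Gr\u00fc\u00dfe\n".encode("utf-8")         # 47 72 c3 bc c3 9f 65 0a
FROM_DAEMON = "Gr\u00fc\u00dfe\n".encode("iso-8859-1")  # 47 72 fc df 65 0a

def classify(payload: bytes) -> str:
    """Name the charset family a captured payload is consistent with."""
    if payload[:2] in (b"\xfe\xff", b"\xff\xfe"):
        return "utf-16 (byte order mark)"
    if b"\x00" in payload:
        return "utf-16/utf-32 without BOM, or binary"
    high = [b for b in payload if b >= 0x80]
    if not high:
        # Pure ASCII decodes identically in UTF-8 and the 8-bit charsets.
        return "ascii-only (undecidable)"
    try:
        payload.decode("utf-8")  # strict: rejects stray high bytes
        return "utf-8"
    except UnicodeDecodeError:
        pass
    if any(b <= 0x9F for b in high):
        # 0x80-0x9F are printable in windows-1252, controls in ISO-8859-x.
        return "windows-1252 family"
    return "iso-8859-1 family"

def render(payload: bytes, charset: str) -> str:
    """Show the payload as text in a chosen charset; bad bytes become U+FFFD."""
    return payload.decode(charset, errors="replace")

def report(directions: dict) -> dict:
    """Classify each direction independently."""
    return {name: classify(data) for name, data in directions.items()}
```

Bytes alone cannot separate the members of the ISO-8859 family from each other, and an ASCII-only sample proves nothing; capture traffic that contains accented characters before drawing a conclusion.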
Re: tracing port to port
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Gregor,
On 3/18/2009 11:08 AM, Gregor Schneider wrote:
> On Wed, Mar 18, 2009 at 3:47 PM, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>>
>> Wireshark does full TCP capture but also "understands" protocols, so it
>> will show you only the HTTP details for a particular packet, etc.
>>
> But will this help to find out the character set of encoded string in
> an RMI-object?
Er, RMI objects should be sent using no encoding... that is, serialized
objects encode themselves. For java.lang.String, the serialized form is
always in UTF-8. From section 6.2 ("Stream Elements") of the java
serialization protocol:
"
The representation of String objects consists of length information
followed by the contents of the string encoded in modified UTF-8. The
modified UTF-8 encoding is the same as used in the Java™ Virtual
Machine and in the java.io.DataInput and DataOutput interfaces; it
differs from standard UTF-8 in the representation of supplementary
characters and of the null character.
"
There should be no concern with RMI, here.
> If I understand André correctly, he wants to find out the encoding
> during the communication between servlet & java-demon - I doubt that
> this goes as HTTP over the wire.
He doesn't say whether he's using RMI, but my guess is he isn't. I
suspect he's using something ad-hoc.
-chris
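The modified UTF-8 form quoted in this message, as an added example (not code from the post or from the JDK): a decoder that shows the two differences the quotation names, NUL written as C0 80 and supplementary characters written as two 3-byte surrogate groups. It assumes the 2-byte big-endian length prefix used for short strings; the function names and the sample bytes are constructed.

```python
import struct

def decode_modified_utf8(data: bytes) -> str:
    """Decode a modified UTF-8 string body into a Python str."""
    def cont(j: int) -> int:
        # A continuation byte must exist and look like 10xxxxxx.
        if j >= len(data) or data[j] & 0xC0 != 0x80:
            raise ValueError(f"bad continuation byte at offset {j}")
        return data[j] & 0x3F

    units = []  # UTF-16 code units, which is what a Java String holds
    i = 0
    while i < len(data):
        b = data[i]
        if b == 0x00:  # NUL is always written as C0 80, never as a raw zero
            raise ValueError(f"raw NUL at offset {i}")
        if b < 0x80:
            units.append(b)
            i += 1
        elif b & 0xE0 == 0xC0:
            units.append(((b & 0x1F) << 6) | cont(i + 1))
            i += 2
        elif b & 0xF0 == 0xE0:
            units.append(((b & 0x0F) << 12) | (cont(i + 1) << 6) | cont(i + 2))
            i += 3
        else:  # 4-byte sequences (F0..F4) exist only in standard UTF-8
            raise ValueError(f"byte 0x{b:02x} at offset {i} is not modified UTF-8")
    # Decoding as UTF-16 recombines surrogate pairs into supplementary characters.
    return struct.pack(f">{len(units)}H", *units).decode("utf-16-be")

def read_java_utf(buf: bytes, offset: int = 0):
    """Read one string: 2-byte big-endian byte count, then the body."""
    (n,) = struct.unpack_from(">H", buf, offset)
    body = buf[offset + 2 : offset + 2 + n]
    if len(body) != n:
        raise ValueError("truncated string")
    return decode_modified_utf8(body), offset + 2 + n

def is_standard_utf8(data: bytes) -> bool:
    """True if a strict standard UTF-8 decoder accepts the bytes."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False

# Constructed sample: "A", NUL, U+00E9, U+1F600 behind an 11-byte length prefix.
SAMPLE = bytes.fromhex("000b" "41" "c080" "c3a9" "eda0bd" "edb880")
```

A strict standard UTF-8 decoder rejects the sample body because of the C0 80 and ED A0/ED B8 sequences, which is a quick way to recognise this encoding in captured bytes.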
Re: tracing port to port
Posted by Gregor Schneider <rc...@googlemail.com>.
On Wed, Mar 18, 2009 at 3:47 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> Wireshark does full TCP capture but also "understands" protocols, so it
> will show you only the HTTP details for a particular packet, etc.
>
But will this help to find out the character set of encoded string in
an RMI-object?
If I understand André correctly, he wants to find out the encoding
during the communication between servlet & java-demon - I doubt that
this goes as HTTP over the wire.
@André:
Maybe you could give a more detailed description of your problem, so
that we might come up with some more helpful ideas?
Cheers
Gregor
--
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Re: tracing port to port
Posted by Christopher Schultz <ch...@christopherschultz.net>.
André,
On 3/17/2009 8:02 PM, Filip Hanik - Dev Lists wrote:
> wireshark.org
+1
Wireshark does full TCP capture but also "understands" protocols, so it
will show you only the HTTP details for a particular packet, etc.
-chris
Re: tracing port to port
Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
wireshark.org
André Warnier wrote:
> Hi.
>
> I know this is only tenuously Tomcat-related, and apologise in advance.
> I'll be content with one-liners.
>
> I have to trace the byte data that circulates back and forth between a
> Tomcat servlet (the tenuous connection) and a separate Java daemon to
> which the servlet establishes this connection. Both are running on the
> same Linux host. My purpose is legitimate, but I do not have the
> source code of either of these modules. I would like to be able just
> to figure out in as readable a way as possible, what charset/encoding
> is being used in one direction and in the other (not necessarily the
> same). I am not interested in the TCP protocol details, just the data
> inside the packets. A tool that shows what is being exchanged in the
> least cryptic way possible would have my preference, and one that
> allows me to choose the charset in which I display ditto would be even
> better.
>
> Which one would you here gurus recommend ?
>
> Thanks