Writing firewall rules with your sniffer
0 Comments
Wireshark, the most popular network analyzer in the world (once known as Ethereal), reached version 0.99.3.
This new release introduces some very interesting feautres:
Last 2 of them deserve a detailed explaination.
Support for USB wireless adapters is at the moment limited to a special USB 2.0 dongle CACE Technologies, the company developing Wireshark, is selling online.
It costs $189 which is pretty high if you consider the average price for such gear is $50.
Wireshark is able to put the wireless adapter in monitor mode (the equivalent of promiscous mode in the Ethernet world) thanks to a new packet driver for Windows: AirPcap.
AirPcap is a different project from the universal packet driver originally deleloped by Politecnico di Torino italian university, WinPcap (even if they are fully integrated since new version 4.0 beta 1), and is not included in the standard Wireshark package.
Unfortunately there are no informations about which vendor manifactures the CACE dongle or about AirPcap compatibility with other USB adapters.
Firewall rules writing capability is much more unexpected.
Wireshark is now able to build simple ACL rules for most popular firewalls, including Windows Firewall, starting from any captured package.
The interface is still very raw (it doesn't permit to create multiple rules given a group of selected packets) but the idea in itself is very interesting.
While I don't think at the moment this feature is particularly useful, the immediate translation of the rule in every major rulebase language is particularly appreciated and has a great educative value.
I hope to see support for the new Windows Vista firewall (which finally is able to filter for both inbound and outbound directions) soon.
This new release introduces some very interesting feautres:
- support for ESP, Kerberos, and SSL decryption
- support for USB wireless adapters
- firewall rules writing capability
Last 2 of them deserve a detailed explaination.
Support for USB wireless adapters is at the moment limited to a special USB 2.0 dongle CACE Technologies, the company developing Wireshark, is selling online.
It costs $189 which is pretty high if you consider the average price for such gear is $50.
Wireshark is able to put the wireless adapter in monitor mode (the equivalent of promiscous mode in the Ethernet world) thanks to a new packet driver for Windows: AirPcap.
AirPcap is a different project from the universal packet driver originally deleloped by Politecnico di Torino italian university, WinPcap (even if they are fully integrated since new version 4.0 beta 1), and is not included in the standard Wireshark package.
Unfortunately there are no informations about which vendor manifactures the CACE dongle or about AirPcap compatibility with other USB adapters.
Firewall rules writing capability is much more unexpected.
Wireshark is now able to build simple ACL rules for most popular firewalls, including Windows Firewall, starting from any captured package.
The interface is still very raw (it doesn't permit to create multiple rules given a group of selected packets) but the idea in itself is very interesting.
While I don't think at the moment this feature is particularly useful, the immediate translation of the rule in every major rulebase language is particularly appreciated and has a great educative value.
I hope to see support for the new Windows Vista firewall (which finally is able to filter for both inbound and outbound directions) soon.
Most Recent Articles
0 Comments:
Post a Comment
Links to this article:
Stay up to date |
|