I've been looking to implement sending log data to a remote Syslog host from my Windows service, so far the only decent library based option I have found is the UDP remote Syslog sender in the POCO net library. I'm interested in Syslog with TLS as described in RFC 5425, which the POCO library doesn't currently support.
My question is twofold, firstly have I missed an existing implementation of Syslog for Windows that supports sending to a remote host via TCP/TLS? Secondly, if no such implementation exists, I was looking to write my own (or perhaps extend the POCO one) - it doesn't look much more complicated than establishing a secure TLS session and putting Syslog formatted text strings into a TCP socket, I would use something like the .NET TLS implementation previously discussed here for the TLS part. Have I missed something, is this not that simple? Or is the reason that I can't find any libraries that implement this sort of Syslog communication for Windows that nobody wants to do this? Am I missing the brilliant alternative to Syslog that every other Windows dev is using?
Thanks in advance.
The only packaged solution I've come across for this is from Balabit. It seems to be the only thing out there that supports TLS and RFC5425. If anyone else has come across another solution, I'd like to hear about it as well.
Nxlog can do TLS/RFC5425 and is open source. (disclaimer: I'm the author)
While it's not a library, it has several input modules to make integration easier.
Related
Is there any protocol, API or software in existence that can send data/IM/etc directly from one device to another with no server?
Can you not use HTTP GET/POST/DELETE directly between two devices when their device data is known to the user(s)?
I would very much like to know if there is ANY software/protocols that can do this.
thank you!
The internet is build on the Internet Protocol suite. This suite has 5 different layers of protocols: The physical layer, the link layer, the network layer, the transport layer and the application layer. Each depends on the one before.
If you just use the browser, by default HTTP (application layer) is used, which relies on TCP (transport layer), which relies on IP (v4 or v6, network layer), which relies on ethernet (link layer), which finally relies on the actual cable that's plugged into your computer (for WiFi, the first three are the same but the last two differ if I'm not mistaken).
Now to your question: Is there any protocol, API or software in existence that can send data/IM/etc directly from one device to another with no server?
Yes there is. I suggest you start looking at protocols that are in the application layer. To highlight a few standards next to HTTP(S): FTP is for file transfer, IMAP is for emails clients, SMTP is for email servers and SSH is a secure shell which can also be used to tunnel data through.
For your specific case, I think either FTP (FTPS if you want it over SSL), or SSH can be a solution, but it's hard to know for sure without the specifics.
The only thing that these protocols have in common is that one of the two computers will act like server and the other computer as client. This has as downside that port-forwarding might be necessary.
If you've chosen the protocol you'd like to use, then you're up for the next step, selecting a program that can do that for you. For HTTP(S), I'd recommend Apache. If you're using Linux and chose SSH, then you're in luck, there is a build in SSH server in Linux, you can use that. For other protocols, you might just want to search yourself, as I do not have any suggestions.
I hope this answers most of your questions!
Desirius
In browser context, WebRTC is probably what you are looking for: It allows user to user communications.
https://en.wikipedia.org/wiki/WebRTC
https://webrtc.org/
Is it possible to use FTP protocol for an instant messaging software instead of other common protocols?
It is possible to build some kind of IM app with the FTP protocol but it would be painful, slower than others and probably insecure.
You might want to consider
XMPP is the open standard for messaging and presence
https://xmpp.org/
I've been working with zeroMQ a bit and I want to be able to connect securely over the Internet. I'm in ruby and could use SSL and/or some sort of shh connection but cannot find any examples of how to do this.
I found this old stackoverflow link, How does zeromq work together with SSL? saying they were working on some sort of security, but that was a year ago and I can't find any new references.
Even if this isn't built into zeroMQ, I would assume that there would be some way to set this up with OpenSSL or something similar.
Note: zeroMQ website mentions using VPN or something if you want secure transport. I do not want to use VPN. There must be a better way.
Similar to VPN, but much easier to setup:
encrypted tunnel with socat
Let's make each zeromq side connected locally to socat, and two socats connect with each other using encrypted channel.
Some links: [1], [2], [3], [4].
Just wanted to add that since the question was asked, the ZMQ team developed, starting with ZeroMQ v4.0.0, the CurveZMQ protocol, which is an authentication and encryption protocol for ZeroMQ based on CurveCP and NaCl - fast, secure elliptic-curve crypto. This allows encrypted ZMQ message exchange, which would supposedly be secure over the internet.
For more details see Using ZeroMQ Security part 1. Some of the features that were added at the time are:
A new wire protocol, ZMTP 3.0, that adds a security handshake to all
ZeroMQ connections.
A new security protocol, CurveZMQ, that implements "perfect forward security" between two ZeroMQ peers over a TCP connection. I'll
explain CurveZMQ below.
A set of security mechanisms for ZMTP: NULL, PLAIN, and CURVE, each described by their own RFCs. NULL is essentially what we had
before. PLAIN allows simple username and password authentication.
CURVE implements the CurveZMQ protocol.
[...]
For secure messaging over the internet, one would seek to implement, for example, the Ironhouse pattern. See part 2 for a description.
There are certainly Ruby implementations for this protocol, but I did not look for them.
If one is looking for Python implementations, one can look at these resources:
https://github.com/zeromq/pyzmq/tree/master/examples/security
https://developer.ibm.com/tutorials/se-distributed-apps-zeromq-part2/
Debug HTTP is easy, you have all sort of tools to do it (like Fiddler). What about SMTP?
How to Debug SMTP Communications?
My target system is Windows.
Suggested tools:
Ethereal
tcpdump
Microsoft Network Monitor
For the two people who responded with Ethereal: We renamed the project to Wireshark (http://www.wireshark.org) back in 2006 due to trademark issues. I strongly recommend upgrading.
Depending on your exact issue, Wireshark's Follow TCP Stream feature is pretty useful for debugging Internet Message protocols, including SMTP.
How to capture emails with Wireshark:
Get wireshark -> Install
Into filter enter smtp click Apply
When you get filtered lines click right mouse button on one of them and select 'Follow TCP stream'.
You should get window like following
(OPTIONAL) If you want to inspect contents of email that are base64 encoded
Copy part that looks like gibberish into one of base64 to text converters, there are plenty online. You should get readable text that was sent.
Hope this saves you some time.
smtp-cli is good for this. From the homepage:
smtp-cli is a powerful SMTP command line client with a support
for advanced features, such as STARTTLS, SMTP-AUTH, or IPv6
In addition to being a full-featured client, its --verbose option makes it
the tool I think you're looking for to track down SMTP issues (like, for instance,
why a server is rejecting a given to: address, which is how I found the tool :-) )
Again from the homepage:
It's also a convenient tool for testing and debugging SMTP servers' setups.
Even the hardcore mail admins used to typing the SMTP protocol over telnet
need a specialised tool when it comes to verifying encryption settings of
their TLS enabled server with a subsequent user authentication. Such things
are pretty hard to type into a telnet session by hand :-)
Try Ethereal - its a free network protocol analyzer.
The SMTP protocol is all ascii, so once you see whats inside the TCP connection, you should be good to go.
It will take a bit of work learning how to use Ethereal.
You can use a SMTP development server, like Neptune or Antix. Both work the same way: they create a "fake" SMTP server in your machine so you can test your e-mail sending methods, without actually sending the messages they receive.
Use tools like ethereal (www.ethereal.com) or tcpdump (www.tcpdump.org), if you want to see the SMTP traffic.
If you like to check your server for compliance with relaying standards, do a
telnet relay-test.mail-abuse.org
from your SMTP server and it checks your server for relaying vulnerabilities.
F
Is there a way to monitor the FTP port so that I can know what commands my FTP application is sending to a FTP server?
I am using a closed-source FTP client application, which is not working with a closed-source FTP application server. The client and the server are not communicating well with each other, and I would like to find out why. I wish to reverse-engineer the client to see what commends the client are sending to the sever. I used a web test tool before that allowed me to monitor the content transferring through HTTP, but I can't seem to find such tool for FTP. I appreciate it if you can help me out, thanks.
Sounds like you need a packet sniffer - assuming your network admins/company policy allows it...I have used wireshark fairly successfully before.
The core FTP commands should be visible in the packets.
You can use the Wireshark application: http://www.wireshark.org/
It should have decent parsing capabilities for FTP as well as other protocols.
Can you configure a proxy with the client? Then you could install an ftp proxy server using the logging on that to see what's going on?
There's a proxy server for Linux here: http://frox.sourceforge.net/doc/FAQ.html
Paul.
Do you have access to ftp-server logs? Its likely those commands would be logged there.
If they aren't, your next option would be to configure the server to log them, if you have access.
If thats not an option or server does not log such things, then you have to go to either packet sniffer or a proxy, as suggested by previous posters.
On Unix, tcpdump might be your friend. Maybe you should first state which OS you're targeting, though.
If you have the ability (often requiring root access) to use a packet sniffer, tcpflow sniffing the TCP control channel will show you the commands and responses going back and forth in an easy-to-read format.
If you don't have such access, tools such as ktrace and strace will allow you to see all data read and written on the socket for this connection, though it will be a little work to extract it.
If you could tell us just what tool you were using for HTTP traffic, that would allow us to look for something similar for FTP traffic.