]> James Pickering – Wireshark

James's Den


Wireshark: Tools and Weapons Tuesday, 26th October 2010

I was recently debugging a script. It didn't seem to like one of the requests the script made, so I ran through the procedure manually, and watched in Wireshark.

The firm I was working with at the time is very security conscious, and I got slapped on the wrist for using Wireshark.

The basic problem is that they saw Wireshark as a weapon for hackers. It's far more acceptable to re-record the script in a more business-like tool, like LoadRunner VUGen, and compare the new and the old script.

The difference between a tool and a weapon is mostly semantics. In the wrong hands, VUGen is just as dangerous as Wireshark – in fact it's more dangerous, in some ways, as it can hook into secure connections.

It's a problem I've encountered elsewhere, too. A port scanner's a really easy way of checking connectivity to a remote server, but terrifies system administrators. I don't know of any business-friendly tool that'll do quite the same thing (I had an MS SQL server I wanted to check connectivity to. In the end, I used telnet to open a connection on port 1433, which established connectivity, but it's obviously a poor solution).

By forcing IT people to use business-like tools, businesses are forcing them to use the wrong tool for the job. If their IT people are worth their salt, they can do just as much damage with these business "tools" as with hacker "weapons". Security is an illusion.

Businesses have to trust their IT people. Security measures don't make IT people any safer, they just make them less productive.

This site was created with KompoZer and Screem. Contact me at motu@jamespic.me.uk. Unless otherwise stated, all material on this website is released into the public domain.

For optimal viewing, Internet Explorer users should either download MathPlayer, or use a better browser.