On Thu, Sep 30, 1999 at 02:37:34PM -0400, Brad Clements wrote:
> On 30 Sep 99, at 10:04, Scott Klement wrote:
>
>
> > On the bright side... if you're using TN5250, the data thats being
> > sent back and forth is in EBCDIC. :) Its a bit less likely that
> > someone has a packet sniffer looking at EBCDIC codes! Unless, of
> > course, he's attacking you specifically...
> >
>
> Anyone remember NCSA Telnet, or it's offshoot CUTCP/TN?
>
> I wrote CUTCP/TN (added 3278 emulation to NCSA Telnet for DOS)
>
> After our university suffered a bit of hacking, I modified the program to
> promiscously sniff telnet/rlogin sessions and present the data in real-
> time on screen, so you could view telnet sessions as the user typed..
>
> Naturally it also worked for 3278 sessions, they were MUCH EASIER to
> sniff because they're block mode (just like TN5250). EBCDIC really
> doesn't help, and the block-mode nature makes it very easy to sniff
> 5250/3270.
>
Wow! What a _cool_ hack! Where can I get me one?
I want to rip some code out so I can snoop 5250 sessions. Hell, that would
be a neat feature to add to 5250, especially for figuring out why something
doesn't work with our emulator. Certainly better than my current alternative -
'portsnoop'.
-Jay 'Eraserhead' Felice
>
> Brad Clements, bkc@murkworks.com (315)268-1000
> http://www.murkworks.com (315)268-9812 Fax
> netmeeting: ils://ils.murkworks.com ICQ: 14856937
+---
| This is the LINUX5250 Mailing List!
| To submit a new message, send your mail to LINUX5250@midrange.com.
| To subscribe to this list send email to LINUX5250-SUB@midrange.com.
| To unsubscribe from this list send email to LINUX5250-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
