Wish List: Decent SVG Network Elements

Wed, 25 Nov 2009 05:02:17 +0000

Nmap 5 has a really cool feature: you can scan a network and dump its map to SVG. Inkscape is turning out to be a really nice vector drawing program.

A really useful workflow would be to combine the two:

Map your network using Nmap.
Tweak that map to your liking using Inkscape.
Have a cool map.

Unfortunately this is a harsh, cruel world we live in. The workflow we currently have is:

Map your network using Nmap.
Load the map Inkscape.
Search the interwebs for decent SVG network elements until you have to explain the foul language and crying to your wife.

This is something Visio is famous for (network art, not the foul language and crying). Search for “visio stencils” and you’ll be bombarded with all sorts of network shapes, from major equipment manufacturers to ones that look like crayon art. Where are all the cool SVG network elements? Quantum Bits made a nice start, but we need a lot more than that.

Comments 🔗

Comment by shannon on 2009-12-02 10:09:28 +0000 🔗

this is some good info. thanks, by the way is there some wireshark software for the palm pre?

Comment by Kirby Files on 2009-12-23 13:06:31 +0000 🔗

Just a note: the OpenClipArt site (which can be accessed via the Inkscape “Import from Open Clipart Library” menu) has some (mostly rudimentary) SVG artwork. Try searching for “network”, “router”, or “server”.

Debugging SSL Servers Over IPv6

Fri, 16 Oct 2009 21:00:50 +0000

An old-school method of debugging TCP-based services is to use telnet:

$ telnet www.wireshark.org 80
Trying 67.228.110.120...
Connected to www.wireshark.org.
Escape character is '^]'.
HEAD / HTTP/1.0
Host: www.wireshark.org

HTTP/1.1 200 OK
Date: Fri, 16 Oct 2009 19:31:47 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=3600
Vary: Accept-Encoding
X-Slogan: Be good. You never know who's running Wireshark nearby.
Content-Length: 9628
Connection: close
Content-Type: text/html

Connection closed by foreign host.

It’s like giving your web server a big ol’ hug.

Most telnet clients do something very clever here. If you connect to a port other than 23 (or whatever getservbyname returns when you feed it “telnet”) they will disable telnet protocol negotiation and switch to line mode. This gives you a raw, line-based connection which is just the thing you need to interact with an HTTP, POP, IMAP, FTP, or NNTP server.

Adding SSL and IPv6 to the mix complicates things. I’m in the process of making Wireshark’s public-facing services available over IPv6. It would be helpful to be able to test connectivity to each service before adding its corresponding AAAA record. Standard telnet clients support 6, but not SSL. OpenSSL’s s_client command speaks SSL, but not over IPv6 (not on my systems, at least):

$ openssl s_client -connect '[2607:f0d0:2001:e:1::123]:443'
getservbyname failure for f0d0:2001:e:1::123]:443

$ openssl s_client -connect ipv6.wireshark.org:443
gethostbyname failure
connect:errno=110

Luckily Fyodor released Nmap 5 a while back. Nmap 5 includes ncat, which lets you connect over SSL+IPv6. It is now my new favorite service-poking utility.

$ ncat -6 --ssl -v 2607:f0d0:2001:e:1::123 443
Ncat version 5.00 ( http://nmap.org/ncat )
SSL connection to 2607:f0d0:2001:e:1::123:443. bugs.wireshark.org
SHA-1 fingerprint: F6BA 2EE9 DEEF 74D3 B4B0 86D7 F5DB 6237 FF7F 896A
HEAD /bugzilla/ HTTP/1.0
Host: bugs.wireshark.org

HTTP/1.1 200 OK
Date: Fri, 16 Oct 2009 20:26:23 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

On many Linux distributions you can also use telnet-ssl:

telnet-ssl -z ssl 2607:f0d0:2001:e:1::123 443

Comments 🔗

Comment by Martijn Pepping on 2009-10-19 08:40:32 +0000 🔗

Instead of the telnet-ssl command the openssl command can be used, which is more likely to be available on a system.

For example, the openssl command can be used as:
$ openssl s_client -connect hostname:443

In which ‘443’ represents the tcp-portnumber the SSL-service is listening on.

Comment by Gerald Combs on 2009-10-19 08:42:49 +0000 🔗

Does ‘openssl s_client -connect’ support IPv6 on your system? It doesn’t on any of mine. See the red error text in the post.

Comment by SSL Star on 2009-11-04 08:23:42 +0000 🔗

Great advice. I dont know how many times I have to tell people the very same things. Glad I’m not the only one.

nmap on The Official Wireshark Blog

Wish List: Decent SVG Network Elements

Comments 🔗

Comment by shannon on 2009-12-02 10:09:28 +0000 🔗

Comment by Kirby Files on 2009-12-23 13:06:31 +0000 🔗

Debugging SSL Servers Over IPv6

Comments 🔗

Comment by Martijn Pepping on 2009-10-19 08:40:32 +0000 🔗

Comment by Gerald Combs on 2009-10-19 08:42:49 +0000 🔗

Comment by SSL Star on 2009-11-04 08:23:42 +0000 🔗