SciFi posted on Thu, 05 Apr 2012 09:40:34 +0000 as excerpted: > Also, I don't like to continually run a tcpdump or wireshark task as > Duncan suggests -- I would need to keep it going "for all hours" > and "for all ports" that GN might be connected with Pan. > There wouldn't be much synchronization between this task and Pan's log > of the occurrence, seems to me. > Not to mention it'd be tracing anything else we do on the computer (TV > recordings with HDHomeRun boxes, etc etc etc etc etc).
While as I said I've not actually used them, I believe you're wrong on them logging /everything/. If you can't narrow it down, the haystack would simply be too huge to find the needle, and the tools, particularly wireshark, wouldn't have the great reputation it has. I'd expect it can easily filter on GN IP, for instance, and of course on port. And the ports pan will use are rather limited, probably JUST the nntp port, remote/server (dynamic local/client port, of course). Pan would of course also be doing dns lookups, etc, via whatever you have configured for that (local bind server, ISP, etc), but that's not going to match either the gn filter or the nntp connection filter. Further, as you say the same sort of issues have been seen with other clients and regardless of whether it's secure or standard connection, set pan to use cleartext to gn, presumably on 119, and that port should be all you need to worry about. (If necessary, you could even build pan without gnutls support temporarily, so it couldn't use secure connections, but I don't believe that should be necessary.) It's worth noting that particularly if you're behind a NAPT-based router (or stateful firewall such as netfilter/iptables on Linux, yes I know you're not on Linux, but the parallel to that on OSX), whatever gn sent would HAVE to be on the already active ports, or it'd simply not get thru to the client in the first place. And you can use tools such as netstat to see what connections are open and (when run as root) the apps using them. And if pan's opening other than dns and nntp ports, I guess we'd have a rather larger problem indeed! Of course you could check the source for that, but even treating it as a blackbox, there's certain rules it's expected to follow as a reasonably behaved nntp client. So the amount of data you have to sift thru should be pretty reasonable as should the resources used to collect it, particularly if you're simply letting pan idle in offline mode, say overnite or whatever, so there's no download traffic to add to that haystack you're looking for the needle in. Once that haystack is a simple handful of hay, it's not so bad. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman _______________________________________________ Pan-users mailing list Pan-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/pan-users
