Wireshark · Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark

Wireshark-dev: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted

From: João Valverde <joao.valverde@xxxxxxxxxxxxxxxxxx>

Date: Mon, 17 Jun 2019 11:44:05 +0100

Title: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted

On 16/06/19 17:52, Jasper Bongertz wrote:

Hi

There is a patch currently waiting for inclusion. It would allow for dissectors to easily make credentials (username/password) available and present them in a tool window in Wireshark.

The main concern here is, that this could lead companies, evaluating Wireshark to be used within the company, to deny the use of the program, due to wrongly identifying Wireshark as a hacking tool.

We would like your feedback on that topic

kind regards
Roland

Hi,

I have seen at least three occasions where the fact that credentials were that easily accessed with a network analysis tool has resulted in a ban of that exact tool by upper management. In one case this affected a freshly bought license of Clearsight, which immediately after receiving the product ended up in a safe under lock and key, never again to see the light of day.

It may sound weird but this is one case of the typcail "what they don't know doesn't bother them". If this function is added some people will suddenly realize the potential that they are currently unaware of, so it's quite possible that Wireshark will be banned when it is currently fine to use it (in enterprise network that usually means admins only, anyway).

If "they" don't know about the potential (doubtful), we should be rectifying that, so that everyone can make an informed decision. Put it in the documentation in big bold letters, something like that.

I personally don't think that a minority of upper management who may be clueless or simply prefer take the path of least effort without trying to understand the issues should be dictating the direction of the project.

This feature, if merged, would contribute to increase network security in my opinion.

Cheers,
Jasper

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
  - From: João Valverde

References:
- [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
  - From: Roland Knall
- Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
  - From: Jasper Bongertz

Prev by Date: [Wireshark-dev] Wireshark media player capability
Next by Date: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
Previous by thread: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
Next by thread: Re: [Wireshark-dev] Passwordlist in Wireshark - User feedback wanted
Index(es):
- Date
- Thread