Re: [Pan-users] this seems to be fixed with XQuartz-2.7.2-beta4 (Re: Help request please: Latest Xquartz is causing some visual artifacts in Pan.)

[Duncan]

SciFi posted on Thu, 05 Apr 2012 09:40:34 +0000 as excerpted:

> Also, I don't like to continually run a tcpdump or wireshark task as
> Duncan suggests -- I would need to keep it going "for all hours"
> and "for all ports" that GN might be connected with Pan.
> There wouldn't be much synchronization between this task and Pan's log
> of the occurrence, seems to me.
> Not to mention it'd be tracing anything else we do on the computer (TV
> recordings with HDHomeRun boxes, etc etc etc etc etc).

While as I said I've not actually used them, I believe you're wrong on 
them logging /everything/.  If you can't narrow it down, the haystack 
would simply be too huge to find the needle, and the tools, particularly 
wireshark, wouldn't have the great reputation it has.  I'd expect it can 
easily filter on GN IP, for instance, and of course on port.  And the 
ports pan will use are rather limited, probably JUST the nntp port, 
remote/server (dynamic local/client port, of course).  Pan would of 
course also be doing dns lookups, etc, via whatever you have configured 
for that (local bind server, ISP, etc), but that's not going to match 
either the gn filter or the nntp connection filter.

Further, as you say the same sort of issues have been seen with other 
clients and regardless of whether it's secure or standard connection, set 
pan to use cleartext to gn, presumably on 119, and that port should be 
all you need to worry about.  (If necessary, you could even build pan 
without gnutls support temporarily, so it couldn't use secure 
connections, but I don't believe that should be necessary.)

It's worth noting that particularly if you're behind a NAPT-based router 
(or stateful firewall such as netfilter/iptables on Linux, yes I know 
you're not on Linux, but the parallel to that on OSX), whatever gn sent 
would HAVE to be on the already active ports, or it'd simply not get thru 
to the client in the first place.  And you can use tools such as netstat 
to see what connections are open and (when run as root) the apps using 
them.  And if pan's opening other than dns and nntp ports, I guess we'd 
have a rather larger problem indeed!  Of course you could check the 
source for that, but even treating it as a blackbox, there's certain 
rules it's expected to follow as a reasonably behaved nntp client.

So the amount of data you have to sift thru should be pretty reasonable 
as should the resources used to collect it, particularly if you're simply 
letting pan idle in offline mode, say overnite or whatever, so there's no 
download traffic to add to that haystack you're looking for the needle 
in.  Once that haystack is a simple handful of hay, it's not so bad.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman