Wireshark: Tools versus Weapons

Not long after I started in performance testing, I was debugging a script. It didn’t seem to like one of the requests the script
made, so I did what I would have done at home. I ran through the procedure manually, and watched in Wireshark.

I told a colleague about this, and he said “Don’t ever do that again, and don’t tell anyone that you did it”. The client I was working for at the time were very nervous about security, and would have been furious that I’d used Wireshark on their network.

The basic problem is that they saw Wireshark as a weapon for hackers. It’s
far more acceptable to re-record the script in a more business-like tool, like
LoadRunner VUGen, and compare the new and the old

The difference between a tool and a weapon is mostly semantics.
In the wrong hands, VUGen is just as dangerous as Wireshark –
in fact it’s more dangerous, in some ways, as it can hook into secure

It’s a common problem. A port scanner’s a really
easy way of checking connectivity to a remote server, but terrifies system administrators.
So, instead, everyone checks if a port’s open with telnet <hostname> <port>.

By forcing IT people to use business-like tools, businesses are forcing them
to use the wrong tool for the job. If their IT people are worth their salt,
they can do just as much damage with these business “tools” as with hacker “weapons”.
Security is an illusion.

Businesses have to trust their IT people. Security measures don’t make IT people any safer,
they just make them less productive.

