cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X

ever configured Editor to talk to PE through a proxy?

naglists
1-Newbie

ever configured Editor to talk to PE through a proxy?

Or have you executed some other strategy for trapping, reviewing, and then
sending the messages Editor creates for the conversation with PE?

--
Paul Nagai
6 REPLIES 6

Interesting. I haven't tried this but I would be inclined to start with
packet sniffing (eg. Wireshark) to see what sort of traffic is flowing and
then perhaps switch to a transparent proxy (eg. Squid) if necessary.



Is this what you're thinking?



-G


Something like that. Absent any ideas from Adepter (or a response yet from
PTC), our security people proceeded to sniff ... My impression is that it's
more work to sniff than it is to proxy ... so they were a-hoping.

Hi Paul,


I haven't done this either, but I'm curious as to what information you are trying to capture? Do you want to see the whole conversation between AE and PE or are you looking for something specific?

It's not me directly. It's the security / risk group. They are conducting a
vulnerability assessment, so I think they are peeking at the SOAP messages
looking for ways to inject and do other nefarious things. When they are
done, they will inform us what is wrong with the picture from the
infrastructure to the tippy top of PE's pointy head.

On Thu, Aug 25, 2011 at 6:58 AM, Jeff Stevenson <
jstevenson@gpslsolutions.com> wrote:

> Hi Paul,
>
> I haven't done this either, but I'm curious as to what information you are
> trying to capture? Do you want to see the whole conversation between AE and
> PE or are you looking for something specific?
>

Oh yeah, I've been there. Governance dept. can be a hassle. I have personally have not heard of PE introducing any more or a security risk than any other service traveling through the firewall. I guess they are looking for malicious things that might piggyback on the data packets.


I would think the data transfered between AE and PE is rather simple. Any tracking software should be able to pick it up. I'd be curious to see the conversation myself.

PTC's response makes explicit a strategy already covered earlier in the
thread. In the last paragraph, they remind you what should be obvious: This
is offered as "helpful" but can't be considered "supported." But you knew
that. Also, I'll add: Don't go installing any "sniffer" without
understanding *your* company's (or client's) policies on such matters.


There is no explicit support for Proxies built into Arbortext Editor.
However a tool such as this has been used by us in the past as an easy way
to spy on the HTTP traffic.



We have used a program called “TcpTrace” for things like this. You can
download it here:



Top Tags