Forum: >>> Magnum BBS <<<

[Info-ingres] Snooping on another user session

From Martin Bowes@21:1/5 to Ingres lists on Tue Oct 6 09:57:02 2020

Hi All,

I have a user whose connection details I wish to trap. Specifically their setting of date_type_alias.

They are running a fairly complicated application and although we *could in theory* get it recut to include a select dbmsinfo('date_type_alias'), in practice that may be a lot harder than it sounds.

The error experienced by one (and only one) user would indicate they have connected with date alias of ansidate. Yet a scan of their client config says that should be ingresdate. I've trapped their connected activity with sc930 on the two installations
on which the application is working but have not found any resetting of the date alias with a set date_alias 'ansidate' either.

Having looked at the session trace, I can provoke the error using a terminal monitor connection, but only if I set date_alias 'ansidate'.

Ideas?

Martin Bowes

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)"> <style>
</head>
<body lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
Hi All,<o:p></o:p>
<o:p> </o:p>
I have a user whose connection details I wish to trap. Specifically their setting of date_type_alias.<o:p></o:p>
<o:p> </o:p>
They are running a fairly complicated application and although we *could in theory* get it recut to include a select dbmsinfo(‘date_type_alias’), in practice that may be a lot harder than it sounds.<o:p></o:p>
<o:p> </o:p>
The error experienced by one (and only one) user would indicate they have connected with date alias of ansidate. Yet a scan of their client config says that should be ingresdate. I’ve trapped their connected activity with sc930
on the two
installations on which the application is working but have not found any resetting of the date alias with a set date_alias ‘ansidate’ either.
<o:p></o:p>
<o:p> </o:p>
Having looked at the session trace, I can provoke the error using a terminal monitor connection, but only if I set date_alias ‘ansidate’.<o:p></o:p>
<o:p> </o:p>
Ideas?<o:p></o:p>
<o:p> </o:p>
Martin Bowes   <o:p></o:p>
</div>
</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adrian Williamson@21:1/5 to Martin Bowes on Wed Oct 7 08:57:18 2020

To: info-ingres@lists.planetingres.org

This is a multipart message in MIME format.

Wireshark?

I've used this network sniffing software in the past to look at Ingres connection details.

Some of it (e.g. opening a terminal session) is in text.

Download wireshark/winpcap and do a packet capture when you connect to
Ingres as a test.

I've notes somewhere if you need them.

From: info-ingres-bounces@lists.planetingres.org <info-ingres-bounces@lists.planetingres.org> On Behalf Of Martin Bowes
Sent: 06 October 2020 10:57
To: 'Ingres lists' <info-ingres@lists.planetingres.org>
Subject: [Info-ingres] Snooping on another user session

Hi All,

I have a user whose connection details I wish to trap. Specifically their setting of date_type_alias.

They are running a fairly complicated application and although we *could in theory* get it recut to include a select dbmsinfo('date_type_alias'), in practice that may be a lot harder than it sounds.

The error experienced by one (and only one) user would indicate they have connected with date alias of ansidate. Yet a scan of their client config
says that should be ingresdate. I've trapped their connected activity with sc930 on the two installations on which the application is working but have
not found any resetting of the date alias with a set date_alias 'ansidate' either.

Having looked at the session trace, I can provoke the error using a terminal monitor connection, but only if I set date_alias 'ansidate'.

Ideas?

Martin Bowes

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta
http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style></head><body lang=EN-GB link="#0563C1" vlink="#954F72"><div class=WordSection1>Wireshark?<o:p></o:p><o:p> </o:p>I’ve used this network sniffing
software in the past to look at Ingres connection details.<o:p></o:p><o:p> </o:p>Some of it (e.g. opening a terminal session) is in text.<o:p></o:p><o:p> </o:p>Download wireshark/winpcap and do a packet capture when you connect to Ingres as a test.<o:p></o:p><o:p> </o:p>I’ve notes somewhere if you need them.<o:p></o:p><o:p>
 </o:p><o:p> </o:p><o:p> </o:p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'> info-ingres-bounces@lists.planetingres.org <info-ingres-bounces@lists.planetingres.org> On Behalf Of Martin Bowes Sent: 06 October 2020 10:57 To: '

Ingres lists' <info-ingres@lists.planetingres.org> Subject: [Info-ingres] Snooping on another user session<o:p></o:p></div></div><o:p> </o:p>Hi All,<o:p></o:p><o:p> </o:p>I have a user whose connection details I wish to trap. Specifically their setting of date_type_alias.<o:p></o:p><o:p> </o:p>They are running a fairly
complicated application and although we *could in theory* get it recut to include a select dbmsinfo(‘date_type_alias’), in practice that may be a lot harder than it sounds.<o:p></o:p><o:p> </o:p>The error experienced by one (and only one) user would indicate they have connected with date alias of ansidate. Yet a scan of their client config says that should be ingresdate. I’ve trapped their connected activity with sc930 on the two
installations on which the application is working but have not found any resetting of the date alias with a set date_alias ‘ansidate’ either. <o:p></o:p><o:p> </o:p>Having looked at the
session trace, I can provoke the error using a terminal monitor connection, but only if I set date_alias ‘ansidate’.<o:p></o:p><o:p> </o:p>Ideas?<o:p></o:p><o:p> </

Martin Bowes   <o:p></o:p></div></body></html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Chris.Clark@actian.com@21:1/5 to Martin Bowes on Wed Oct 7 14:08:37 2020

On Tuesday, October 6, 2020 at 2:58:04 AM UTC-7, Martin Bowes wrote:
...

The error experienced by one (and only one) user would indicate they have connected with date alias of ansidate. Yet a scan of their client config says that should be ingresdate. I’ve trapped their connected activity with sc930 on the two

installations on which the application is working but have not found any resetting of the date alias with a set date_alias ‘ansidate’ either.

Having looked at the session trace, I can provoke the error using a terminal monitor connection, but only if I set date_alias ‘ansidate’.

It seems likely the setting is being set on the client side somehow and you want to prove one way or the other which it is.

If this is a specific user and a libq based client I would recommend setting II_EMBED_SET client side to printgca and asking them to run the application and send the iiprtgca.log - super easy to read compared with other tracing options. Tracing also
means the SQL actually used can be seen (as well as possible errors).

If either of those assumptions are incorrect, I'd likely still go the GCA trace route but do it a different kind/place. You can decide if that's client or server depending on what you you know about the client. Docs have some notes on this, https://
communities.actian.com/s/article/GCA-Trace-Logs-without-Tears-Ingres-II-and-OpenIngres-only is a pretty good server side one (you can always spin up a new GCC server for this specific user so as to avoid tracing everyone).

Unless you can ensure the encryption is not in play, I would avoid raw tracing the socket or wireshark. If encryption is not enabled then you can use your favorite network sniffing technique :-)

Its probably worth opening an enhancement request for server side checking of session sessions (in IMA).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Bob Worm
  Fri Apr 26 15:47:21 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 10:09:36 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 08:24:20 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 06:40:30 2024
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	296
Nodes:	16 (2 / 14)
Uptime:	82:05:04
Calls:	6,658
Calls today:	4
Files:	12,203
Messages:	5,333,417
Posted today:	1

[Info-ingres] Snooping on another user session

Who's Online

Recent Visitors

System Info