Ubuntu: I'm monitoring network traffic, and it uses proprietary protocols, but why?



Question:

Everybody says Ubuntu is open source, but when I monitor it on Wireshark, I see it shares folders using SMB protocol, which is from Microsoft, and proprietary.

So I would like to ask:
Am I wrong? Is this SMB protocol I see open-source?
If it's not, Ubuntu is using code that people can't inspect, right?

Please correct me if I'm wrong, thanks.


Solution:1

SMB is done on Ubuntu using Samba, which is free software and which is thus open source.


Solution:2

As an IT professional I can give you some guidance here.

Just because a protocol is used primarily by Microsoft or another company doesn't make it proprietary necessarily. There are tons of protocols out there, and at one point or another they were all proprietary. Samba (SMB) is just one protocol which used to be owned as proprietary but has since been expanded upon and understood by the world at large and open source implementations have since been created. The protocol itself is no longer Proprietary, necessarily. But the key thing here is, you don't have to worry about that traffic. Judging by your comments after your post was made, you're more or less concerned about whether these are different protos from what you're seeing or not, and only because you're sharing two computers and don't have Samba installed. Protocol proprietaryness is explained above, but the second part of "why it's being seen" is explained below.

Just because you didn't install a piece of software that speaks SMB doesn't mean that something else on the network doesn't have it installed. When sniffing network traffic with Wireshark / tshark or libpcap directly, you are seeing any packets your system is seeing on the network connection whether it's directed at you directly or not. This is what 'sniffing network traffic' is, plugging into a network and examining what traffic is actually coming over the connection to get a better idea of the state of the network.

In IT Security, we do this type of thing all the time when hired to see if there's anything suspicious going on - I regularly go out to clients' locations and jack into their network to see if there's anything odd going on, usually only if there's a problem with a specific computer or such but it's not uncommon to see traffic that your computer wouldn't know how to handle because you don't have software installed for it.

For example. I have a Linux computer. All my systems are Linux. When I go to a client's network that's Windows based, I see all sorts of Windows-unique traffic that isn't proprietary necessarily, but is just communications my computer wouldn't care about or generate. That doesn't mean there's anything wrong, I'm literally just observing what's coming across the network cable and that my system would see, which is the whole point of monitoring network traffic. It helps to ID 'odd' things which could explain why some things aren't working but also helps to ID what is legitimate expected traffic on a given network.

Also, if Wireshark is able to read the packet and give you a decoded idea of what the packet contains or is doing, then it's not necessarily a proprietary protocol. It could just be well documented, but in most cases it's probably not proprietary.

TL;DR in case you're lazy: whether you have Samba installed or not is irrelevant, if an SMB protocol packet goes over the network and your computer sees the packet and you see it in Wireshark, that doesn't mean it's malicious traffic or anything. It's just your packet sniffer indicating that that's what that individual packet it saw come over the connection was. That's just how traffic sniffing/monitoring works. If you don't have the software or a service running to handle the packet, or the packet was to a broadcast address and not to your computer, then it'll just fail to do anything to your computer. (Usually. The exceptions are too numerous to explain here, and would require several weeks of training just to give you the basic ideas and information.)


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »