Research found that around 86 percent of vulnerabilities are found in the full stack development sector, so there is a pressing need to address them and make platforms secure. One of the common attack points is the network: every single byte is transferred through it, so attackers try to sniff useful information. Wireshark was launched for such situations. It provides detailed analysis of the network and has tools for checking security, which helps keep users safe.
Sametime is a protocol that was developed for IBM's Sametime software. It helps in connecting to the IBM server with the help of the Meanwhile library, and in accessing directory services with the help of the Lightweight Directory Access Protocol (LDAP) and the TCP/IP protocol.
Sametime in Wireshark:
It is a window in Wireshark that is used to analyze data packets that use the Sametime protocol to connect to a server or access directory services. Wireshark separates Sametime traffic by its port number, since the protocol uses port 1533. User status, send type and message type information is gathered through the Sametime statistics window in Wireshark.
This window can be found under the Statistics tab; see the image below:
On clicking it, various data fields become visible, which contain a lot of information:
- Topic/Item: This field provides information about address messages such as IAM (Initial Address Message), SAM (Subsequent Address Message), ACM (Address Complete Message), etc.
- Count: It shows the count of Sametime data packets.
- Average: It shows the average value for a data packet required for a connection using the Sametime protocol.
- Min Val: It shows the minimum value required by Sametime traffic for a stable connection to the server.
- Max Val: It shows the upper limit of Sametime traffic for a stable connection to the server.
- Rate: It shows the transfer rate of bits, which is used in checking the stability of the signal.
- Percent: It shows the percentage of data of each Sametime data packet.
- Burst Rate: It is the maximum capacity of transmitting data in a specified time span.
- Burst Start: Burst start is the time point when the burst starts.
Let's understand this with captured data:
In the above picture, the SAMETIME protocol is used for connecting to a SAMETIME server, and the packet sent is used for the handshake. All the necessary fields, such as burst rate and burst start, can be seen for detailed analysis.
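To make the columns concrete, the following added example (not part of the original article and not Wireshark's own code) classifies packets by port 1533 and computes simplified versions of Count, Average, Min Val, Max Val, Rate, Percent, Burst Rate and Burst Start. The packet list is constructed sample data, the 0.1 second burst window is an assumption, and using frame length as the measured value is an assumption as well.

```python
SAMETIME_PORT = 1533  # port the article says Wireshark keys on

# Constructed sample capture: (time s, src port, dst port, frame bytes)
PACKETS = [
    (0.000, 50514, 1533, 74), (0.020, 1533, 50514, 90),
    (0.030, 50514, 1533, 120), (0.500, 50514, 443, 600),
    (2.000, 50514, 1533, 66), (2.010, 1533, 50514, 66),
    (2.020, 50514, 1533, 200), (2.030, 1533, 50514, 184),
    (3.000, 50514, 53, 80), (4.000, 50514, 1533, 100),
]


def is_sametime(pkt):
    """Port-only classification: anything on 1533 matches, and Sametime
    moved to another port does not."""
    return SAMETIME_PORT in (pkt[1], pkt[2])


def sametime_stats(packets, window=0.1):
    """Return the statistics columns for port-1533 packets, or None."""
    packets = sorted(packets)
    hits = [p for p in packets if is_sametime(p)]
    if not hits:
        return None
    times = [p[0] for p in hits]
    sizes = [p[3] for p in hits]
    span_ms = (times[-1] - times[0]) * 1000
    # Burst: the largest number of packets inside any `window`-second span.
    best, best_start, lo = 0, times[0], 0
    for hi, t in enumerate(times):
        while t - times[lo] >= window:
            lo += 1
        if hi - lo + 1 > best:
            best, best_start = hi - lo + 1, times[lo]
    return {
        "count": len(hits),
        "average": sum(sizes) / len(sizes),
        "min": min(sizes),
        "max": max(sizes),
        "rate_per_ms": len(hits) / span_ms if span_ms else None,
        "percent": 100 * len(hits) / len(packets),
        "burst_count": best,
        "burst_start": best_start - packets[0][0],
    }


if __name__ == "__main__":
    for column, value in sametime_stats(PACKETS).items():
        print(f"{column:12} {value}")
```

Because the match is on the port alone, unrelated traffic on 1533 is counted as Sametime, so an unexpected count or burst is a prompt to inspect the packets themselves.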
Conclusion:
It can be concluded that the SAMETIME protocol is used while interacting with a SAMETIME server, and that its data packets can be captured using Wireshark to analyze things like message type, user status, send type, message count, etc.