analyzing client / server traffic

[J J <j_joensuu () yahoo com>]

Dear all, 

I have been sniffing at the communication between the client and the 
server part of a CRM-software that I support at work. Being that I at 
times get questions about the network security pertaining to this product, 
I wanted to see if it is possible to pinpoint where specific data such as 
login names, passwords (or software specific commands that an 
administrator can send from the client) are located within the packets 
sent by the client.

The product uses a proprietory protocol, and looking at the data with 
tools such as Ethereal and the Ufasoft Sniffer surely did not reveal 
anything in clear text. I did also try converting my username to hex and 
looking for that as well, but did not find anything.

So now I am at the situation where I do not know what to do next in order 
to further analyze the packets that I have captured (they are exported to 
a text and an .xml file). What sort of operations could one do with this 
sort of data? or would it help to get a packet analyzer?

thanks for any advice,

JJ

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics