How can you confirm if the Cube communicates with DataMiner using HTTPS other than a Wireshark capture? Are there any indicators within the Cube application to show this? Is it normal for me to see POSTs in HTTP?
POST /SLNetService HTTP/1.1
User-Agent: Mozilla/4.0+(compatible; MSIE 6.0; Windows 10.0.19045.0; MS .NET Remoting; MS .NET CLR 4.0.30319.42000 )
Content-Type: application/octet-stream
Host: x.x.x.x:8004
Content-Length: 1042
........................HandleMessages.kSkyline.DataMiner.Net.ISLNet, SLNetTypes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9789b1eac4cb1b12......... .... .........MSLNetTypes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9789b1eac4cb1b12......Skyline.DataMiner.Net.Security.ConnectionToken....
_connectionID._token._seqID....System.Guid............System.Guid....._a._b._c._d._e._f._g._h._i._j._k.......................f..P9.@.Z}$.<.. .......................)Skyline.DataMiner.Net.Messages.DMSMessage.... ...............M.......5Skyline.DataMiner.Net.Messages.Advanced.ZippedMessage....
Hi Phillip,
In your version 10.1, the Cube communicates towards the DataMiner Agent via .NET Remoting (HTTP traffic over TCP/8004, cf. the HTTP POSTs in your question). In later versions, we support gRPC communication (HTTPS) (ConnectionSettings.txt | DataMiner Docs).
The IP communication from client to server is also nicely illustrated in Configuring the IP network ports | DataMiner Docs, both for gRPC and .NET Remoting. Hope this helps.
Hi Phillip,
From the Wireshark capture snippet you showed, it does look like the communication is using HTTP, and the port and service being used are consistent with SLNet communication.
As part of the DataMiner hardening guide, one step mentions a few BPAs that can automatically verify if your system is as secure as possible. One that could be useful in your case is the HTTPS one (see HTTPS Configuration | DataMiner Docs).
The links above also provide you with some information in case you see it necessary and wish to better secure your system.
Hi Phillip,
How do you connect CUBE?
By using a host name or by specifying the IP address?
If you can't use the BPA, perhaps you can check via CUBE when adding the DMA agent - I cannot remember if this is valid in 10.1, however this might be reflected also in the version you are using:
Even if the server is capable of providing HTTPS, the connection needs to be established by using something like MyDMAname.onMyNetwork.MyDomain in order to trigger https - when connecting CUBE via the IP address, you'd be normally in the case shown on the left - is this of help?
Hi Alberto,
It does reflect your screenshots, but when parsing the actual Wireshark I'm only seeing HTTP from the server. Client to server it's TCP binary, which I would expect is normal, but I'm seeing this regardless of whether I have the bindings set up.
Hi Phillip,
My experience is that if you don't have gRPC enabled and still use .NET Remoting, you can easily see this in the "About" window in Cube ("connection" tab):
When gRPC is enabled, you see something different than the (Legacy)RemotingConnection shown above.
Hope this helps!
BR
Nils
Thanks. Unfortunately, we are on 10.1 and the BPAs are only from 10.3 and up.
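The capture reading discussed in this thread can be automated. The following is an added example, not part of the original posts and not Skyline code: it classifies the first client-to-server bytes of a TCP stream as a TLS ClientHello or as cleartext HTTP carrying .NET Remoting, keyed on the header values visible in the question. The function name and both sample byte strings are constructed for illustration.

```python
import struct

# Constructed sample: cleartext request modelled on the headers in the question.
SAMPLE_HTTP = (
    b"POST /SLNetService HTTP/1.1\r\n"
    b"User-Agent: Mozilla/4.0+(compatible; MSIE 6.0; MS .NET Remoting; "
    b"MS .NET CLR 4.0.30319.42000 )\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Host: x.x.x.x:8004\r\n"
    b"Content-Length: 4\r\n\r\n\x00\x01\x00\x00"
)
# Constructed sample: start of a TLS handshake record (truncated ClientHello).
SAMPLE_TLS = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"


def classify_first_bytes(payload: bytes) -> dict:
    """Classify the first client-to-server bytes of one TCP stream."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x0N,
    # 2-byte big-endian length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[2] <= 0x04:
        (record_len,) = struct.unpack(">H", payload[3:5])
        if payload[5] == 0x01 and 0 < record_len <= 16384:
            return {"transport": "tls", "detail": "ClientHello"}

    # Cleartext HTTP/1.x: a readable request line followed by headers.
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/1."):
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = \
                value.strip().decode("latin-1")
        # .NET Remoting over HTTP announces itself in the User-Agent and
        # sends a binary body as application/octet-stream.
        remoting = ("MS .NET Remoting" in headers.get("user-agent", "")
                    and headers.get("content-type") == "application/octet-stream")
        return {"transport": "cleartext-http",
                "method": parts[0].decode("latin-1"),
                "path": parts[1].decode("latin-1"),
                "dotnet_remoting": remoting}
    return {"transport": "unknown"}


if __name__ == "__main__":
    for name, data in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS)):
        print(name, classify_first_bytes(data))
```

Feed it the first payload bytes of each stream exported from a capture; any stream reported as `cleartext-http` with `dotnet_remoting` set is not protected by TLS.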