| Author |
Message
|
| firelior |
 Posted: Wed Jun 27, 2012 12:24 am Post subject: Websphere MQ protocol |
 |
|
Apprentice
Joined: 31 May 2012
Posts: 28
|
Hi,
Is the Websphere MQ V7.1 protocol public? is there any manual that describes what goes on through the network over a tcp connection?
I have seen that Wireshark has a filter that describes some of what goes through the network. But I don't think that it is updated to V7 message types.
If not, is there a built in method in mq that can get bytes and "deserialize" them in to a MQMD message?
thanks |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Wed Jun 27, 2012 1:56 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
afaik, its not public. and i dont know such a method (which does not mean anything  . however, you could use the free mq client if "the other end of the wire" is not a mq server ....
_________________
Regards, Butcher |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jun 27, 2012 4:27 am Post subject: Re: Websphere MQ protocol |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| firelior wrote: |
| If not, is there a built in method in mq that can get bytes and "deserialize" them in to a MQMD message? |
There's a difference between what exists and what is public.
There's no reason to spend any time snooping at MQ packets on the network.
Thousands of people have successfully managed and debugged their MQ networks passing lots of messages without this information.
If you are concerned about the visibility of message data on the wire, then you should take the appropriate steps to encrypt the traffic on the wire - by enabling SSL on your channels.
If you are concerned about the visibility of message traffic outside the boundaries of an application's memory space, then you should take the appropriate steps to encrypt the message body - for example by using MQ AMS. |
|
| Back to top |
|
|
| firelior |
| Posted: Wed Jun 27, 2012 7:13 am Post subject: |
|
|
Apprentice
Joined: 31 May 2012
Posts: 28
|
| Quote: |
| you could use the free mq client if "the other end of the wire" is not a mq server |
What do you mean the free mq client?
I can use it to deserialize the bytes to the mq message? if so how..?
mqjeff - I can see that it is possible.
What I am asking is whether it is documented somewhere?
or can you lead me to some documentation that will help me achieve what I am trying to do. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 27, 2012 7:20 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| firelior wrote: |
| What do you mean the free mq client? |
He means the WMQ Client Software, which is free to use but no use if what you're trying to intercept is the communication between 2 queue managers.
| firelior wrote: |
| I can use it to deserialize the bytes to the mq message? if so how..? |
A better question is "why"?
| firelior wrote: |
| can you lead me to some documentation that will help me achieve what I am trying to do. |
What are you trying to do, aside from the obvious "read a message that WMQ has sent using Wireshark"? What purpose does this serve (aside from obtaining information the owner may not enjoy you knowing)?
Most sites employ one or more of the tactics listed by my most worthy associate to prevent exactly this sort of activity, which is in extreme circumstances frowned upon by auditors & law enforcement.
_________________
Honesty is the best policy.
Insanity is the best defence.
Last edited by Vitor on Wed Jun 27, 2012 7:21 am; edited 1 time in total |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jun 27, 2012 7:20 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
There's no charge for installing and using the MQ client software. The only charge is for the queue manager server.
You don't need this information. It's not documented, it's not public. It works without needing this information.
There's no reason to do what you're trying to do! Why are you trying to do it? |
|
| Back to top |
|
|
| firelior |
| Posted: Wed Jun 27, 2012 7:38 am Post subject: |
|
|
Apprentice
Joined: 31 May 2012
Posts: 28
|
First of all, I am trying to do this for security reasons and not for hacking reasons. I want to check the content of the messages that pass before they get to the queue manager. And stop them from getting to the manager.
Kind of a proxy. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jun 27, 2012 7:45 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 27, 2012 7:46 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| firelior wrote: |
| I want to check the content of the messages that pass before they get to the queue manager. |
I can think of 3 better ways of doing that than Wireshark. One of which is a commercial product.
| firelior wrote: |
| And stop them from getting to the manager. |
And 2 ways of doing that, 1 of which is supplied with the WMQ product.
| firelior wrote: |
| Kind of a proxy. |
What kind of proxy exactly? The kind with an inbuilt ability to pull (and presumably) push messages off the wire which even if your motives are pure opens a massive security hole in your architecture?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 27, 2012 7:54 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
So, back to your point. You're trying to intercept messages flowing into the queue manager & obtain the message content.
The protocol used to perform this is the IP of IBM. It's undocumented and as such can change at any time with any fix pack, so even if you reverse engineer it you'll potentially need to re-reverse engineer it every time you apply maintenance.
I stand by my off-topic comments regarding the validity & safety of your effort.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Jun 27, 2012 8:32 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Vitor wrote: |
| The protocol used to perform this is the IP of IBM. |
If the channel definition specifies transport type TRPTYPE(TCP), it's TCP/IP supplied by the platform o/s. TCP is well-documented, perhaps painfully so.
WMQ's channel protocol (handshaking, synchronization, heartbeats, message transport, etc.) are proprietary to IBM, the details of which are not officially documented.
A thorough read of the WMQ Intercommunications manual will provide the broad-brush introduction to channel protocol.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 27, 2012 8:40 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| bruce2359 wrote: |
| Vitor wrote: |
| The protocol used to perform this is the IP of IBM. |
If the channel definition specifies transport type TRPTYPE(TCP), it's TCP/IP supplied by the platform o/s. TCP is well-documented, perhaps painfully so.
WMQ's channel protocol (handshaking, synchronization, heartbeats, message transport, etc.) are proprietary to IBM, the details of which are not officially documented. |
I apologise for my lack of exactness.
| bruce2359 wrote: |
| A thorough read of the WMQ Intercommunications manual will provide the broad-brush introduction to channel protocol. |
I think the OP will need quite a fine brush to achieve what's being attempted here.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Jun 27, 2012 9:03 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Vitor wrote: |
| bruce2359 wrote: |
| Vitor wrote: |
| The protocol used to perform this is the IP of IBM. |
If the channel definition specifies transport type TRPTYPE(TCP), it's TCP/IP supplied by the platform o/s. TCP is well-documented, perhaps painfully so.
WMQ's channel protocol (handshaking, synchronization, heartbeats, message transport, etc.) are proprietary to IBM, the details of which are not officially documented. |
I apologise for my lack of exactness.
| bruce2359 wrote: |
| A thorough read of the WMQ Intercommunications manual will provide the broad-brush introduction to channel protocol. |
I think the OP will need quite a fine brush to achieve what's being attempted here. |
I agree that there is no practical reason the OP needs to understand channel protocol to filter or proxy.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jun 27, 2012 9:14 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| bruce2359 wrote: |
| the details of which are not officially documented. |
I'm quite sure you mean "publicly documented".
I very much doubt that the MQ protocol is not "officially documented". |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Jun 27, 2012 9:47 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| mqjeff wrote: |
| bruce2359 wrote: |
| the details of which are not officially documented. |
I'm quite sure you mean "publicly documented".
I very much doubt that the MQ protocol is not "officially documented". |
Yes, yes. I meant documented for public consumption.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
