On Wed, Apr 12, 2000 at 02:52:42PM -0700, Don Harrop wrote:
> I'm curious...  I've been playing arount with VNC for a window based remote
> control utility.  When I'm typing at a command line, the packets that are
> sent are graphic packets, right?  Does that mean that sniffers can't

No, only the packets coming from the server to the VNC client are 
graphic, the keystrokes are sent in the clear. (What'd you think, it
sends them as graphics and then does OCR on the server side to decypher
what you typed?  :-)  Not sure what the encoding is though - ASCII?
scancodes?  binary or numeric?  It's quite possible the sniffer wouldn't
just see characters but some decoding might have to be done.

> decipher what I'm typing at a command line like you could if you were to
> telnet to the same box??

It would be a good idea to have an encrypted version of VNC if security
is an issue.  I'm not sure if there's a canonical way to do that but
maybe you could tunnel over an SSH connection.

-- 
  _______                   Shawn T. Rutledge / KB7PWD  ecloud@bigfoot.com
 (_  | |_)          http://www.bigfoot.com/~ecloud  kb7pwd@kb7pwd.ampr.org
 __) | | \________________________________________________________________
Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903