Mick wrote:
> On 17 August 2010 15:29, BRM<bm_witness@×××××.com> wrote:
>
>> ----- Original Message ----
>>
>>
>>> From: Dale<rdalek1967@×××××.com>
>>> Adam Carter wrote:
>>>
>>>> Is this easy to do? I have no idea where to start except that
>>>> wireshark is installed.
>>>> Yep, start the capture with Capture -> Interfaces and click on the start
>>>>
>>> button next to the correct interface, then right click on one of the packets
>>> that is to the yahoo box and choose Decode As set the port and protocol then
>>> apply. You'll
>>>
>>> need to understand the semantics of HTTP for it to be of much use tho.
>>> You had me until the last part. No semantics here. lol May see if I can
>>> post a little and see if anyone can figure out what the heck it is doing. I'm
>>> thinking some crazy bug or something. Maybe checking for updates not realizing
>>> it's
>>>
>>> Kopete instead of a Yahoo program.
>>>
>> Wireshark will show you the raw packet data, and decode only a little of it -
>> enough to identify the general protocol, senders, etc.
>> So to understand the packet, you will need to understand the application layer
>> protocol - in this case HTTP - yourself as Wireshark won't help you there.
>>
>> But yet, Wireshark, nmap, and nessus security scanner are the tools, less so
>> nessus as it really is more of a port scanner/security hole finder than a debug
>> tool for applications (it's basically an interface for nmap for those purposes).
>>
> I'm not at home to experiment and I don't use yahoo, but port 5050 is
> typically used for mmcc = multi media conference control - does yahoo
> offer such a service? It could be a SIP server running there for VoIP
> between Yahoo registered users or something similar.
>
> The http connection could be offered as an alternative proxy
> connection to the yahoo IM servers for users who are behind
> restrictive firewalls. Have you asked as much in the Yahoo user
> groups?
>
> The fact that the threads continue after kopete has shut down is not
> necessarily of concern as was already explained, unless it carries on
> and on for a long time and the flow of packets continues. I don't
> know how yahoo VoIP works. Did you install some plugin specific for
> yahoo services? If it imitates the Skype architecture then it
> essentially runs proxies on clients' machines and this could be an
> explanation for the traffic.
>

I don't have VoIP, Skype or that sort of thing here. Here is my Kopete
info tho:

[ebuild R ] kde-base/kopete-4.4.5-r1 USE="addbookmarks autoreplace
contactnotes groupwise handbook highlight history nowlistening pipes
privacy ssl statistics texteffect translator urlpicpreview yahoo
zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal)
(-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed
-v4l2 -webpresence -winpopup" 0 kB

Anything there that could cause a problem?

Dale

:-) :-)