Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Tue, 17 Aug 2010 16:10:37
Message-Id: AANLkTi=5beUNGNVNN2t7LXbdPoKj7VfZBcOCZ9CmVtXU@mail.gmail.com
In Reply to: Re: [gentoo-user] Yahoo and strange traffic. by BRM
On 17 August 2010 15:29, BRM <bm_witness@×××××.com> wrote:
> ----- Original Message ----
>
>> From: Dale <rdalek1967@×××××.com>
>> Adam Carter wrote:
>> > Is this easy to do? I have no idea where to start except that
>> > wireshark is installed.
>> > Yep, start the capture with Capture -> Interfaces and click on the start
>> > button next to the correct interface, then right click on one of the packets
>> > that is to the yahoo box and choose Decode As, set the port and protocol, then
>> > apply. You'll need to understand the semantics of HTTP for it to be of much
>> > use tho.
>> You had me until the last part. No semantics here. lol May see if I can
>> post a little and see if anyone can figure out what the heck it is doing. I'm
>> thinking some crazy bug or something. Maybe checking for updates not realizing
>> it's Kopete instead of a Yahoo program.
>
> Wireshark will show you the raw packet data, and decode only a little of it -
> enough to identify the general protocol, senders, etc.
> So to understand the packet, you will need to understand the application layer
> protocol - in this case HTTP - yourself as Wireshark won't help you there.
>
> But yet, Wireshark, nmap, and nessus security scanner are the tools, less so
> nessus as it really is more of a port scanner/security hole finder than a debug
> tool for applications (it's basically an interface for nmap for those purposes).

I'm not at home to experiment and I don't use yahoo, but port 5050 is
typically used for mmcc = multi media conference control - does yahoo
offer such a service? It could be a SIP server running there for VoIP
between Yahoo registered users or something similar.

The http connection could be offered as an alternative proxy
connection to the yahoo IM servers for users who are behind
restrictive firewalls. Have you asked as much in the Yahoo user
groups?

The fact that the threads continue after kopete has shut down is not
necessarily of concern as was already explained, unless it carries on
and on for a long time and the flow of packets continues. I don't
know how yahoo VoIP works. Did you install some plugin specific for
yahoo services? If it imitates the Skype architecture then it
essentially runs proxies on clients' machines and this could be an
explanation for the traffic.
--
Regards,
Mick
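As an added example that is not part of the thread: once a capture like the one Adam describes has been taken, the payloads on port 5050 can be sorted by their leading bytes rather than by what /etc/services says about the port. It assumes Ethernet II/IPv4/TCP frames (as read from a pcap with a library of your choice) and embeds constructed frames inline; the "YMSG" magic is Yahoo Messenger's own protocol header, a fact not stated in the thread.

```python
import struct

# Added example (not from the thread): triage TCP payloads seen on Yahoo's port 5050
# by content instead of guessing from the port number. Yahoo Messenger's protocol
# (YMSG) starts each packet with b"YMSG"; HTTP starts with a method or "HTTP/".
YAHOO_PORT = 5050
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"HTTP/")

def classify(payload):
    """Label a TCP payload by its leading bytes, not by port."""
    if payload.startswith(b"YMSG"):
        return "ymsg"
    if payload.startswith(HTTP_STARTS):
        return "http"
    return "unknown" if payload else "empty"

def tcp_payload(frame):
    """Return (src_port, dst_port, payload) from an Ethernet II/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 + TCP only
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    tcp = 14 + ihl
    src, dst = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4
    return src, dst, frame[tcp + data_off:14 + total_len]

def triage(frames, port=YAHOO_PORT):
    """Summarise each frame touching `port` as (src, dst, label, first line of payload)."""
    rows = []
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed is None or port not in parsed[:2]:
            continue
        src, dst, data = parsed
        first = data.split(b"\r\n", 1)[0][:40].decode("latin-1")
        rows.append((src, dst, classify(data), first))
    return rows

def build_frame(src_port, dst_port, payload):
    """Craft a constructed Ethernet/IPv4/TCP frame for the demo (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, 6, 0, bytes([192, 168, 1, 10]), bytes([10, 0, 0, 1]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

# Constructed sample "capture": a YMSG packet, an HTTP request on 5050, an unrelated SSH banner.
SAMPLE = [
    build_frame(40000, YAHOO_PORT, b"YMSG\x00\x10\x00\x00\x00\x00\x00\x4c\x00\x00\x00\x00"),
    build_frame(40001, YAHOO_PORT, b"GET /notify HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame(40002, 22, b"SSH-2.0-OpenSSH\r\n"),
]
```

Anything reported as "unknown" is the flow worth opening in Wireshark with Decode As, since neither dissector would have matched it.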
