On 17 August 2010 15:29, BRM <bm_witness@×××××.com> wrote:
> ----- Original Message ----
>
>> From: Dale <rdalek1967@×××××.com>
>> Adam Carter wrote:
>> > Is this easy to do? I have no idea where to start except that
>> > wireshark is installed.
>> > Yep, start the capture with Capture -> Interfaces and click on the start
>> button next to the correct interface, then right click on one of the packets
>> that is to the yahoo box and choose Decode As set the port and protocol then
>> apply. You'll need to understand the semantics of HTTP for it to be of much
>> use tho.
>> You had me until the last part. No semantics here. lol May see if I can
>> post a little and see if anyone can figure out what the heck it is doing. I'm
>> thinking some crazy bug or something. Maybe checking for updates not realizing
>> it's Kopete instead of a Yahoo program.
>
> Wireshark will show you the raw packet data, and decode only a little of it -
> enough to identify the general protocol, senders, etc.
> So to understand the packet, you will need to understand the application layer
> protocol - in this case HTTP - yourself as Wireshark won't help you there.
>
> But yet, Wireshark, nmap, and nessus security scanner are the tools, less so
> nessus as it really is more of a port scanner/security hole finder than a debug
> tool for applications (it's basically an interface for nmap for those purposes).

I'm not at home to experiment and I don't use Yahoo, but port 5050 is
typically used for mmcc = multi media conference control - does Yahoo
offer such a service? It could be a SIP server running there for VoIP
between Yahoo registered users or something similar.

The HTTP connection could be offered as an alternative proxy
connection to the Yahoo IM servers for users who are behind
restrictive firewalls. Have you asked as much in the Yahoo user
groups?

The fact that the threads continue after Kopete has shut down is not
necessarily of concern as was already explained, unless it carries on
and on for a long time and the flow of packets continues. I don't
know how Yahoo VoIP works. Did you install some plugin specific for
Yahoo services? If it imitates the Skype architecture then it
essentially runs proxies on clients' machines and this could be an
explanation for the traffic.
--
Regards,
Mick