Gentoo Archives: gentoo-user

From: BRM <bm_witness@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Tue, 17 Aug 2010 14:30:29
In Reply to: Re: [gentoo-user] Yahoo and strange traffic. by Dale
----- Original Message ----

> From: Dale <rdalek1967@×××××.com>
> Adam Carter wrote:
> > Is this easy to do? I have no idea where to start except that
> > wireshark is installed.
> > Yep, start the capture with Capture -> Interfaces and click on the start
> button next to the correct interface, then right click on one of the packets
> that is to the yahoo box and choose Decode As set the port and protocol then
> apply. You'll need to understand the semantics of HTTP for it to be of much use tho.
> You had me until the last part. No semantics here. lol May see if I can
> post a little and see if anyone can figure out what the heck it is doing. I'm
> thinking some crazy bug or something. Maybe checking for updates not realizing
> it's Kopete instead of a Yahoo program.

Wireshark will show you the raw packet data, and decode only a little of it -
enough to identify the general protocol, senders, etc.
So to understand the packet, you will need to understand the application layer
protocol - in this case HTTP - yourself as Wireshark won't help you there.

But yet, Wireshark, nmap, and nessus security scanner are the tools, less so
nessus as it really is more of a port scanner/security hole finder than a debug
tool for applications (it's basically an interface for nmap for those purposes).

HTH,

Ben

