On Tuesday 17 August 2010 21:15:51 Dale wrote:
> Mick wrote:
> > On 17 August 2010 15:29, BRM<bm_witness@×××××.com> wrote:
> >> ----- Original Message ----
> >>
> >>> From: Dale<rdalek1967@×××××.com>
> >>>
> >>> Adam Carter wrote:
> >>>> Is this easy to do? I have no idea where to start except that
> >>>> wireshark is installed.
> >>>>
> >>>> Yep, start the capture with Capture -> Interfaces and click on the
> >>>> start
> >>>
> >>> button next to the correct interface, then right click on one of the
> >>> packets that is to the yahoo box and choose Decode As set the port
> >>> and protocol then apply. You'll
> >>>
> >>> need to understand the semantics of HTTP for it to be of much use tho.
> >>> You had me until the last part. No semantics here. lol May see if
> >>> I can post a little and see if anyone can figure out what the heck it
> >>> is doing. I'm thinking some crazy bug or something. Maybe checking
> >>> for updates not realizing it's
> >>>
> >>> Kopete instead of a Yahoo program.
> >>
> >> Wireshark will show you the raw packet data, and decode only a little of
> >> it - enough to identify the general protocol, senders, etc.
> >> So to understand the packet, you will need to understand the application
> >> layer protocol - in this case HTTP - yourself as Wireshark won't help
> >> you there.
> >>
> >> But yet, Wireshark, nmap, and nessus security scanner are the tools,
> >> less so nessus as it really is more of a port scanner/security hole
> >> finder than a debug tool for applications (it's basically an interface
> >> for nmap for those purposes).
> >
> > I'm not at home to experiment and I don't use yahoo, but port 5050 is
> > typically used for mmcc = multi media conference control - does yahoo
> > offer such a service? It could be a SIP server running there for VoIP
> > between Yahoo registered users or something similar.
> >
> > The http connection could be offered as an alternative proxy
> > connection to the yahoo IM servers for users who are behind
> > restrictive firewalls. Have you asked as much in the Yahoo user
> > groups?
> >
> > The fact that the threads continue after kopete has shut down is not
> > necessarily of concern as was already explained, unless it carries on
> > and on for a long time and the flow of packets continues. I don't
> > know how yahoo VoIP works. Did you install some plugin specific for
> > yahoo services? If it imitates the Skype architecture then it
> > essentially runs proxies on clients' machines and this could be an
> > explanation for the traffic.
>
> I don't have VoIP, Skype or that sort of thing here. Here is my Kopete
> info tho:
>
> [ebuild R ] kde-base/kopete-4.4.5-r1 USE="addbookmarks autoreplace
> contactnotes groupwise handbook highlight history nowlistening pipes
> privacy ssl statistics texteffect translator urlpicpreview yahoo
> zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal)
> (-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed
> -v4l2 -webpresence -winpopup" 0 kB
>
> Anything there that could cause a problem?

No, I can't see anything suspicious, you don't even have skype or v4l2
enabled, so it is unlikely that it is running some webcam stream (as part of
VoIP).
--
Regards,
Mick
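The quoted Wireshark steps (capture, pick the packets to the port in question, "Decode As" HTTP, then read the application layer yourself) can be reproduced without the GUI. The following is an added example, not code from anyone in this thread: a minimal Python reader for the classic libpcap file format that pulls out the IPv4/TCP packets touching a given port, reports who is talking to whom, and makes the same first-pass decision Wireshark makes (does the payload look like HTTP, and if so what is the request or status line). The capture it runs on is constructed inline with `build_pcap` and `build_tcp_frame`; the addresses, port numbers and payloads are made-up test data, and the frames carry zero checksums because nothing here validates them.

```python
"""Minimal pcap inspection: list TCP packets to/from one port and say whether
the payload looks like HTTP.  Added example; all sample data is constructed."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ", b"HTTP/")


def build_pcap(packets):
    """Constructed little-endian pcap file from (timestamp, frame_bytes) pairs."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero (test data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dummy MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def parse_pcap(data):
    """Yield (src, sport, dst, dport, payload) for every IPv4/TCP packet in a pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:                              # written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                        # not IPv4
        if frame[23] != 6:
            continue                                        # not TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len, = struct.unpack_from("!H", frame, 16)
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        tcp_off = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        yield src, sport, dst, dport, frame[tcp_off + data_off: 14 + total_len]


def classify_payload(payload):
    """The 'Decode As HTTP' first pass: recognised start line, or raw bytes for a human."""
    if payload.startswith(HTTP_STARTS):
        return "http", payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return "unknown", payload[:16].hex()


def summarize_port(data, port):
    """One summary dict per TCP packet whose source or destination port is `port`."""
    rows = []
    for src, sport, dst, dport, payload in parse_pcap(data):
        if port not in (sport, dport):
            continue
        kind, detail = classify_payload(payload)
        rows.append({"src": f"{src}:{sport}", "dst": f"{dst}:{dport}",
                     "kind": kind, "detail": detail})
    return rows


# Constructed capture: two HTTP packets on port 5050, one non-HTTP packet on 5050,
# and one unrelated TLS ClientHello fragment on 443 that the port filter must drop.
SAMPLE_PCAP = build_pcap([
    (1, build_tcp_frame("192.168.1.10", "203.0.113.5", 40001, 5050,
                        b"GET /notify HTTP/1.1\r\nHost: example.invalid\r\n\r\n")),
    (2, build_tcp_frame("203.0.113.5", "192.168.1.10", 5050, 40001,
                        b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")),
    (3, build_tcp_frame("192.168.1.10", "203.0.113.5", 40002, 5050,
                        b"\x01\x02\x03\x04\x00\x00\x00\x08binary!!")),
    (4, build_tcp_frame("192.168.1.10", "192.168.1.1", 40003, 443,
                        b"\x16\x03\x01\x00\x05")),
])

if __name__ == "__main__":
    for row in summarize_port(SAMPLE_PCAP, 5050):
        print(row)
```

Run on a real file, replace `SAMPLE_PCAP` with the bytes of a capture saved from Wireshark (File -> Save As, pcap format). Everything the script reports beyond the "http"/"unknown" label is exactly the part the thread says you still have to do by hand: read the request line and headers and decide what the client is asking for.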