| 1 |
Mick wrote: |
| 2 |
> On Tuesday 17 August 2010 21:15:51 Dale wrote: |
| 3 |
> |
| 4 |
>> Mick wrote: |
| 5 |
>> |
| 6 |
>>> On 17 August 2010 15:29, BRM<bm_witness@×××××.com> wrote: |
| 7 |
>>> |
| 8 |
>>>> ----- Original Message ---- |
| 9 |
>>>> |
| 10 |
>>>> |
| 11 |
>>>>> From: Dale<rdalek1967@×××××.com> |
| 12 |
>>>>> |
| 13 |
>>>>> Adam Carter wrote: |
| 14 |
>>>>> |
| 15 |
>>>>>> Is this easy to do? I have no idea where to start except that |
| 16 |
>>>>>> wireshark is installed. |
| 17 |
>>>>>> |
| 18 |
>>>>>> Yep, start the capture with Capture -> Interfaces and click on the |
| 19 |
>>>>>> start |
| 20 |
>>>>>> |
| 21 |
>>>>> button next to the correct interface, then right click on one of the |
| 22 |
>>>>> packets that is to the yahoo box and choose Decode As set the port |
| 23 |
>>>>> and protocol then apply. You'll |
| 24 |
>>>>> |
| 25 |
>>>>> need to understand the semantics of HTTP for it to be of much use tho. |
| 26 |
>>>>> You had me until the last part. No semantics here. lol May see if |
| 27 |
>>>>> I can post a little and see if anyone can figure out what the heck it |
| 28 |
>>>>> is doing. I'm thinking some crazy bug or something. Maybe checking |
| 29 |
>>>>> for updates not realizing it's |
| 30 |
>>>>> |
| 31 |
>>>>> Kopete instead of a Yahoo program. |
| 32 |
>>>>> |
| 33 |
>>>> Wireshark will show you the raw packet data, and decode only a little of |
| 34 |
>>>> it - enough to identify the general protocol, senders, etc. |
| 35 |
>>>> So to understand the packet, you will need to understand the application |
| 36 |
>>>> layer protocol - in this case HTTP - yourself as Wireshark won't help |
| 37 |
>>>> you there. |
| 38 |
>>>> |
| 39 |
>>>> But yet, Wireshark, nmap, and nessus security scanner are the tools, |
| 40 |
>>>> less so nessus as it really is more of a port scanner/security hole |
| 41 |
>>>> finder than a debug tool for applications (it's basically an interface |
| 42 |
>>>> for nmap for those purposes). |
| 43 |
>>>> |
| 44 |
>>> I'm not at home to experiment and I don't use yahoo, but port 5050 is |
| 45 |
>>> typically used for mmcc = multi media conference control - does yahoo |
| 46 |
>>> offer such a service? It could be a SIP server running there for VoIP |
| 47 |
>>> between Yahoo registered users or something similar. |
| 48 |
>>> |
| 49 |
>>> The http connection could be offered as an alternative proxy |
| 50 |
>>> connection to the yahoo IM servers for users who are behind |
| 51 |
>>> restrictive firewalls. Have you asked as much in the Yahoo user |
| 52 |
>>> groups? |
| 53 |
>>> |
| 54 |
>>> The fact that the threads continue after kopete has shut down is not |
| 55 |
>>> necessarily of concern as was already explained, unless it carries on |
| 56 |
>>> and on for a long time and the flow of packets continues. I don't |
| 57 |
>>> know how yahoo VoIP works. Did you install some plugin specific for |
| 58 |
>>> yahoo services? If it imitates the Skype architecture then it |
| 59 |
>>> essentially runs proxies on clients' machines and this could be an |
| 60 |
>>> explanation for the traffic. |
| 61 |
>>> |
| 62 |
>> I don't have VoIP, Skype or that sort of thing here. Here is my Kopete |
| 63 |
>> info tho: |
| 64 |
>> |
| 65 |
>> [ebuild R ] kde-base/kopete-4.4.5-r1 USE="addbookmarks autoreplace |
| 66 |
>> contactnotes groupwise handbook highlight history nowlistening pipes |
| 67 |
>> privacy ssl statistics texteffect translator urlpicpreview yahoo |
| 68 |
>> zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal) |
| 69 |
>> (-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed |
| 70 |
>> -v4l2 -webpresence -winpopup" 0 kB |
| 71 |
>> |
| 72 |
>> Anything there that cold cause a problem? |
| 73 |
>> |
| 74 |
> No, I can't see anything suspicious, you don't even have skype or v4l2 |
| 75 |
> enabled, so it is unlikely that it is running some webcam stream (as part of |
| 76 |
> VoIP). |
| 77 |
> |
| 78 |
|
| 79 |
|
| 80 |
lol I don't have a webcam even if it was turned on. Sort of funny |
| 81 |
about having a camera in my bedroom. o_O |
| 82 |
|
| 83 |
I'm thinking it is Yahoo wanting to upgrade something but not realizing |
| 84 |
that I'm not using their client but using kopete. Yahoo isn't the |
| 85 |
sharpest tool in the shed you know? |
| 86 |
|
| 87 |
Dale |
| 88 |
|
| 89 |
:-) :-) |
Archives