Mick wrote:
> On Tuesday 17 August 2010 21:15:51 Dale wrote:
>
>> Mick wrote:
>>
>>> On 17 August 2010 15:29, BRM<bm_witness@×××××.com> wrote:
>>>
>>>> ----- Original Message ----
>>>>
>>>>
>>>>> From: Dale<rdalek1967@×××××.com>
>>>>>
>>>>> Adam Carter wrote:
>>>>>
>>>>>> Is this easy to do? I have no idea where to start except that
>>>>>> wireshark is installed.
>>>>>>
>>>>>> Yep, start the capture with Capture -> Interfaces and click on the
>>>>>> start
>>>>>>
>>>>> button next to the correct interface, then right click on one of the
>>>>> packets that is to the yahoo box and choose Decode As set the port
>>>>> and protocol then apply. You'll
>>>>>
>>>>> need to understand the semantics of HTTP for it to be of much use tho.
>>>>> You had me until the last part. No semantics here. lol May see if
>>>>> I can post a little and see if anyone can figure out what the heck it
>>>>> is doing. I'm thinking some crazy bug or something. Maybe checking
>>>>> for updates not realizing it's
>>>>>
>>>>> Kopete instead of a Yahoo program.
>>>>>
>>>> Wireshark will show you the raw packet data, and decode only a little of
>>>> it - enough to identify the general protocol, senders, etc.
>>>> So to understand the packet, you will need to understand the application
>>>> layer protocol - in this case HTTP - yourself as Wireshark won't help
>>>> you there.
>>>>
>>>> But yet, Wireshark, nmap, and nessus security scanner are the tools,
>>>> less so nessus as it really is more of a port scanner/security hole
>>>> finder than a debug tool for applications (it's basically an interface
>>>> for nmap for those purposes).
>>>>
>>> I'm not at home to experiment and I don't use yahoo, but port 5050 is
>>> typically used for mmcc = multi media conference control - does yahoo
>>> offer such a service? It could be a SIP server running there for VoIP
>>> between Yahoo registered users or something similar.
>>>
>>> The http connection could be offered as an alternative proxy
>>> connection to the yahoo IM servers for users who are behind
>>> restrictive firewalls. Have you asked as much in the Yahoo user
>>> groups?
>>>
>>> The fact that the threads continue after kopete has shut down is not
>>> necessarily of concern as was already explained, unless it carries on
>>> and on for a long time and the flow of packets continues. I don't
>>> know how yahoo VoIP works. Did you install some plugin specific for
>>> yahoo services? If it imitates the Skype architecture then it
>>> essentially runs proxies on clients' machines and this could be an
>>> explanation for the traffic.
>>>
>> I don't have VoIP, Skype or that sort of thing here. Here is my Kopete
>> info tho:
>>
>> [ebuild R ] kde-base/kopete-4.4.5-r1 USE="addbookmarks autoreplace
>> contactnotes groupwise handbook highlight history nowlistening pipes
>> privacy ssl statistics texteffect translator urlpicpreview yahoo
>> zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal)
>> (-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed
>> -v4l2 -webpresence -winpopup" 0 kB
>>
>> Anything there that could cause a problem?
>>
> No, I can't see anything suspicious, you don't even have skype or v4l2
> enabled, so it is unlikely that it is running some webcam stream (as part of
> VoIP).
>

lol I don't have a webcam even if it was turned on. Sort of funny
about having a camera in my bedroom. o_O

I'm thinking it is Yahoo wanting to upgrade something but not realizing
that I'm not using their client but using kopete. Yahoo isn't the
sharpest tool in the shed you know?

Dale

:-) :-)