----- Original Message ----

> From: Dale <rdalek1967@×××××.com>
> Mick wrote:
> > On Tuesday 17 August 2010 21:15:51 Dale wrote:
> >> Mick wrote:
> >>> On 17 August 2010 15:29, BRM<bm_witness@×××××.com> wrote:
> >>>> ----- Original Message ----
> >>>>> From: Dale<rdalek1967@×××××.com>
> >>>>> Adam Carter wrote:
> >>>>>> Is this easy to do? I have no idea where to start except that
> >>>>>> wireshark is installed.
> >>>>>> Yep, start the capture with Capture -> Interfaces and click on the
> >>>>>> start
> >>>>> button next to the correct interface, then right click on one of the
> >>>>> packets that is to the yahoo box and choose Decode As set the port
> >>>>> and protocol then apply. You'll
> >>>>> need to understand the semantics of HTTP for it to be of much use tho.
> >>>>> You had me until the last part. No semantics here. lol May see if
> >>>>> I can post a little and see if anyone can figure out what the heck it
> >>>>> is doing. I'm thinking some crazy bug or something. Maybe checking
> >>>>> for updates not realizing it's
> >>>>> Kopete instead of a Yahoo program.
> >>>> Wireshark will show you the raw packet data, and decode only a little of
> >>>> it - enough to identify the general protocol, senders, etc.
> >>>> So to understand the packet, you will need to understand the application
> >>>> layer protocol - in this case HTTP - yourself as Wireshark won't help
> >>>> you there.
> >>>> But yet, Wireshark, nmap, and nessus security scanner are the tools,
> >>>> less so nessus as it really is more of a port scanner/security hole
> >>>> finder than a debug tool for applications (it's basically an interface
> >>>> for nmap for those purposes).
> >>> I'm not at home to experiment and I don't use yahoo, but port 5050 is
> >>> typically used for mmcc = multi media conference control - does yahoo
> >>> offer such a service? It could be a SIP server running there for VoIP
> >>> between Yahoo registered users or something similar.
> >>> The http connection could be offered as an alternative proxy
> >>> connection to the yahoo IM servers for users who are behind
> >>> restrictive firewalls. Have you asked as much in the Yahoo user
> >>> groups?
> >>> The fact that the threads continue after kopete has shut down is not
> >>> necessarily of concern as was already explained, unless it carries on
> >>> and on for a long time and the flow of packets continues. I don't
> >>> know how yahoo VoIP works. Did you install some plugin specific for
> >>> yahoo services? If it imitates the Skype architecture then it
> >>> essentially runs proxies on clients' machines and this could be an
> >>> explanation for the traffic.
> >> I don't have VoIP, Skype or that sort of thing here. Here is my Kopete
> >> info tho:
> >> [ebuild R ] kde-base/kopete-4.4.5-r1 USE="addbookmarks autoreplace
> >> contactnotes groupwise handbook highlight history nowlistening pipes
> >> privacy ssl statistics texteffect translator urlpicpreview yahoo
> >> zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal)
> >> (-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed
> >> -v4l2 -webpresence -winpopup" 0 kB
> >> Anything there that could cause a problem?
> > No, I can't see anything suspicious, you don't even have skype or v4l2
> > enabled, so it is unlikely that it is running some webcam stream (as part of
> > VoIP).
> I'm thinking it is Yahoo wanting to upgrade something but not realizing
> that I'm not using their client but using kopete. Yahoo isn't the
> sharpest tool in the shed you know?

I doubt that's the case. I use Pidgin with Yahoo, and haven't had that kind of
thing so far as I'm aware.

Ben