> > I just did a killall kopete and it did stop. Is there a way to "see" what > it is sending/receiving? I'm talking like is it a jpeg, some other file or > something else? > > rix portage # nmap -p 5050 -sV cs210p2.msg.sp1.yahoo.com
Starting Nmap 5.21 ( http://nmap.org ) at 2010-08-17 11:27 EST Nmap scan report for cs210p2.msg.sp1.yahoo.com (98.136.48.110) Host is up (0.20s latency). PORT STATE SERVICE VERSION 5050/tcp open mmcc? 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port5050-TCP:V=5.21%I=7%D=8/17%Time=4C69E58D%P=i686-pc-linux-gnu%r(GetR SF:equest,195,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Type:\x20text/h SF:tml\r\nCache-Control:\x20max-age=0,\x20must-revalidate\r\nExpires:\x20S SF:un,\x2010\x20Jun\x202007\x2012:01:01\x20GMT\r\n\r\n<html><head>\r\n<met SF:a\x20http-equiv=\"content-type\"\x20content=\"text/html;charset=utf-8\" SF:>\r\n<title>404\x20Not\x20Found</title>\r\n</head>\r\n<body\x20text=#00 SF:0000\x20bgcolor=#ffffff>\r\n<hr><center>\r\n<H1>Not\x20Found</H1>\r\nTh SF:e\x20requested\x20URL\x20was\x20not\x20found\x20on\x20this\x20server\.\ SF:r\n</center><p>\r\n</body></html>\r\n")%r(FourOhFourRequest,195,"HTTP/1 SF:\.1\x20404\x20Not\x20Found\r\nContent-Type:\x20text/html\r\nCache-Contr SF:ol:\x20max-age=0,\x20must-revalidate\r\nExpires:\x20Sun,\x2010\x20Jun\x SF:202007\x2012:01:01\x20GMT\r\n\r\n<html><head>\r\n<meta\x20http-equiv=\" SF:content-type\"\x20content=\"text/html;charset=utf-8\">\r\n<title>404\x2 SF:0Not\x20Found</title>\r\n</head>\r\n<body\x20text=#000000\x20bgcolor=#f SF:fffff>\r\n<hr><center>\r\n<H1>Not\x20Found</H1>\r\nThe\x20requested\x20 SF:URL\x20was\x20not\x20found\x20on\x20this\x20server\.\r\n</center><p>\r\ SF:n</body></html>\r\n"); Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 112.82 seconds rix portage # Well its obviously HTTP, NFI why NMAP cant see that. So you could capture in wireshark, then docode port 5050 as HTTP.
