Mick wrote:
On Tuesday 17 August 2010 21:15:51 Dale wrote:
Mick wrote:
On 17 August 2010 15:29, BRM<bm_witn...@yahoo.com>   wrote:
----- Original Message ----

From: Dale<rdalek1...@gmail.com>

Adam Carter wrote:
Is this easy to do?  I have no idea where to start except that
wireshark is installed.

Yep, start the capture with Capture -> Interfaces and click on the start
button next to the correct interface, then right click on one of the
packets that is to the yahoo box and choose Decode As, set the port
and protocol then apply. You'll need to understand the semantics of HTTP
for it to be of much use tho.

You had me until the last part.  No semantics here.  lol  May see if
I can post a little and see if anyone can figure out what the heck it
is doing.  I'm thinking some crazy bug or something.  Maybe checking
for updates not realizing it's Kopete instead of a Yahoo program.

Wireshark will show you the raw packet data, and decode only a little of
it - enough to identify the general protocol, senders, etc.
So to understand the packet, you will need to understand the application
layer protocol - in this case HTTP - yourself as Wireshark won't help
you there.

But yet, Wireshark, nmap, and nessus security scanner are the tools,
less so nessus as it really is more of a port scanner/security hole
finder than a debug tool for applications (it's basically an interface
for nmap for those purposes).

I'm not at home to experiment and I don't use yahoo, but port 5050 is
typically used for mmcc = multi media conference control - does yahoo
offer such a service?  It could be a SIP server running there for VoIP
between Yahoo registered users or something similar.

The http connection could be offered as an alternative proxy
connection to the yahoo IM servers for users who are behind
restrictive firewalls.  Have you asked as much in the Yahoo user
groups?

The fact that the threads continue after kopete has shut down is not
necessarily of concern as was already explained, unless it carries on
and on for a long time and the flow of packets continues.  I don't
know how yahoo VoIP works.  Did you install some plugin specific for
yahoo services?  If it imitates the Skype architecture then it
essentially runs proxies on clients' machines and this could be an
explanation for the traffic.

I don't have VoIP, Skype or that sort of thing here.  Here is my Kopete
info tho:

[ebuild   R   ] kde-base/kopete-4.4.5-r1  USE="addbookmarks autoreplace
contactnotes groupwise handbook highlight history nowlistening pipes
privacy ssl statistics texteffect translator urlpicpreview yahoo
zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal)
(-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed
-v4l2 -webpresence -winpopup" 0 kB

Anything there that could cause a problem?

No, I can't see anything suspicious, you don't even have skype or v4l2
enabled, so it is unlikely that it is running some webcam stream (as part of
VoIP).


lol I don't have a webcam even if it was turned on. Sort of funny about having a camera in my bedroom. o_O

I'm thinking it is Yahoo wanting to upgrade something but not realizing that I'm not using their client but using kopete. Yahoo isn't the sharpest tool in the shed you know?

Dale

:-)  :-)
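
An added example, not part of the original thread: the thread notes that Wireshark shows the raw payload and that reading it means knowing what an HTTP request looks like. The Python sketch below takes one TCP payload copied out of a capture, decides whether it is an HTTP/1.x request, and pulls out the fields that identify what is asking for what. The sample payloads, host name and client name are constructed for illustration, not taken from Yahoo traffic.

```python
"""Decide whether a captured TCP payload is an HTTP/1.x request and summarize it."""

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")

# Constructed sample payloads (not real captures).
SAMPLE_HTTP = (b"POST /notify HTTP/1.1\r\nHost: im.example.net:5050\r\n"
               b"User-Agent: ExampleClient/1.0\r\nContent-Length: 4\r\n\r\nping")
SAMPLE_TRUNCATED = b"GET /x HTTP/1.1\r\nHost: a.example\r\nUser-Ag"
SAMPLE_BINARY = bytes.fromhex("0010000300000000")


def parse_http_request(payload: bytes):
    """Return a dict describing an HTTP/1.x request, or None if it is not one."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep and len(lines) > 1:
        lines.pop()  # last header line may be cut off at the segment boundary
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS:
        return None
    if not parts[2].startswith(b"HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None  # a header line without a colon is not valid HTTP
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return {
        "method": parts[0].decode("ascii"),
        "target": parts[1].decode("latin-1"),
        "headers": headers,
        "complete": bool(sep),   # False: header block continues in a later segment
        "body_bytes": len(body),
    }


def summarize(payload: bytes) -> str:
    """One-line description of a payload, suitable for eyeballing many packets."""
    req = parse_http_request(payload)
    if req is None:
        return "not HTTP: first bytes " + payload[:8].hex()
    h = req["headers"]
    return "{} {} host={} agent={}".format(
        req["method"], req["target"], h.get("host", "-"), h.get("user-agent", "-"))


if __name__ == "__main__":
    for sample in (SAMPLE_HTTP, SAMPLE_TRUNCATED, SAMPLE_BINARY):
        print(summarize(sample))
```

The Host and User-Agent headers are usually the quickest way to tell which program issued a request and which service it was talking to.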
