Jake Moe wrote:
  On 08/17/10 20:23, Dale wrote:
Adam Carter wrote:
     Is this easy to do?  I have no idea where to start except that
     wireshark is installed.


Yep, start the capture with Capture -> Interfaces and click on the
start button next to the correct interface, then right click on one
of the packets that is to the Yahoo box and choose Decode As, set the
port and protocol, then apply. You'll need to understand the semantics
of HTTP for it to be of much use tho.

You had me until the last part.  No semantics here.  lol   May see if
I can post a little and see if anyone can figure out what the heck it
is doing.  I'm thinking some crazy bug or something.  Maybe checking
for updates not realizing it's Kopete instead of a Yahoo program.

Thanks.  Post back what I find when it does it again.

Dale

:-)  :-)

If you do try to send it back to us, you might want to limit what it's
capturing; Wireshark can get a *lot* of data quickly.

For instance, if you know it's only communicating with a few servers,
after you click on "Capture -->  Interfaces", click on the "Options"
button, and in the Capture Filter, put "host 98.136.48.110 or host
98.136.42.25", which are the two servers you listed at the beginning of
this thread (cs210p2.msg.sp1.yahoo.com and rdis.msg.vip.sp1.yahoo.com).
Or you could assume that Yahoo are using the 98.136.0.0 network only for
this sort of thing, and use a filter of "net 98.136.0.0/16", which would
grab all traffic to or from any host with an IP starting with 98.136.x.x.

Jake Moe


I'll keep that in mind. I'm not sure when it will start this mess again tho. Sometimes it starts after a day or so, sometimes it is a week or so.

Thanks.

Dale

:-)  :-)
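The capture filters suggested in the thread, applied from the command line with a ring buffer so a capture can be left running until the traffic reappears. This is an added example, not part of the original messages; the `CAPTURE_IFACE` variable, the output path and the ring-buffer sizes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: CAPTURE_IFACE, the output
# path and the ring-buffer sizes are placeholders chosen for illustration.

# build_filter ADDR... : print a BPF capture filter, using "host" for single
# IPv4 addresses and "net" for CIDR ranges, joined with "or".
build_filter() {
    filter=""
    for addr in "$@"; do
        case "$addr" in
            ""|*[!0-9./]*)   # refuse anything but digits, dots and a slash
                echo "build_filter: not an IPv4 address or CIDR: $addr" >&2
                return 1 ;;
            */*) term="net $addr" ;;
            *)   term="host $addr" ;;
        esac
        filter="${filter:+$filter or }$term"
    done
    [ -n "$filter" ] || return 1
    printf '%s\n' "$filter"
}

# start_capture IFACE FILTER : capture only matching traffic into a ring of
# 10 files of about 10 MB each, so a capture left running for days stays small.
start_capture() {
    dumpcap -i "$1" -f "$2" \
        -b filesize:10240 -b files:10 \
        -w ./yahoo-capture.pcapng
}

# Runs only when an interface is named, e.g.:
#   CAPTURE_IFACE=eth0 sh capture.sh 98.136.48.110 98.136.42.25
#   CAPTURE_IFACE=eth0 sh capture.sh 98.136.0.0/16
if [ -n "${CAPTURE_IFACE:-}" ]; then
    capture_filter=$(build_filter "$@") || exit 1
    start_capture "$CAPTURE_IFACE" "$capture_filter"
fi
```

With the ring buffer, dumpcap appends a sequence number and timestamp to each file name and overwrites the oldest file once ten exist.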
