----- Original Message ----
> From: Dale <rdalek1...@gmail.com>
> Mick wrote:
> > On Tuesday 17 August 2010 21:15:51 Dale wrote:
> >> Mick wrote:
> >>> On 17 August 2010 15:29, BRM<bm_witn...@yahoo.com> wrote:
> >>>> ----- Original Message ----
> >>>>> From: Dale<rdalek1...@gmail.com>
> >>>>> Adam Carter wrote:
> >>>>>> Is this easy to do? I have no idea where to start except that
> >>>>>> wireshark is installed.
> >>>>>> Yep, start the capture with Capture -> Interfaces and click on the
> >>>>>> start
> >>>>> button next to the correct interface, then right click on one of the
> >>>>> packets that is to the yahoo box and choose Decode As set the port
> >>>>> and protocol then apply. You'll
> >>>>> need to understand the semantics of HTTP for it to be of much use tho.
> >>>>> You had me until the last part. No semantics here. lol May see if
> >>>>> I can post a little and see if anyone can figure out what the heck it
> >>>>> is doing. I'm thinking some crazy bug or something. Maybe checking
> >>>>> for updates not realizing it's
> >>>>> Kopete instead of a Yahoo program.
> >>>> Wireshark will show you the raw packet data, and decode only a little of
> >>>> it - enough to identify the general protocol, senders, etc.
> >>>> So to understand the packet, you will need to understand the application
> >>>> layer protocol - in this case HTTP - yourself as Wireshark won't help
> >>>> you there.
> >>>> But yet, Wireshark, nmap, and nessus security scanner are the tools,
> >>>> less so nessus as it really is more of a port scanner/security hole
> >>>> finder than a debug tool for applications (it's basically an interface
> >>>> for nmap for those purposes).
> >>> I'm not at home to experiment and I don't use yahoo, but port 5050 is
> >>> typically used for mmcc = multi media conference control - does yahoo
> >>> offer such a service? It could be a SIP server running there for VoIP
> >>> between Yahoo registered users or something similar.
> >>> The http connection could be offered as an alternative proxy
> >>> connection to the yahoo IM servers for users who are behind
> >>> restrictive firewalls. Have you asked as much in the Yahoo user
> >>> groups?
> >>> The fact that the threads continue after kopete has shut down is not
> >>> necessarily of concern as was already explained, unless it carries on
> >>> and on for a long time and the flow of packets continues. I don't
> >>> know how yahoo VoIP works. Did you install some plugin specific for
> >>> yahoo services? If it imitates the Skype architecture then it
> >>> essentially runs proxies on clients' machines and this could be an
> >>> explanation for the traffic.
> >> I don't have VoIP, Skype or that sort of thing here. Here is my Kopete
> >> info tho:
> >> [ebuild R ] kde-base/kopete-4.4.5-r1 USE="addbookmarks autoreplace
> >> contactnotes groupwise handbook highlight history nowlistening pipes
> >> privacy ssl statistics texteffect translator urlpicpreview yahoo
> >> zeroconf (-aqua) -debug -gadu -jabber -jingle (-kdeenablefinal)
> >> (-kdeprefix) -latex -meanwhile -msn -oscar -otr -qq -skype -sms -testbed
> >> -v4l2 -webpresence -winpopup" 0 kB
> >> Anything there that could cause a problem?
> > No, I can't see anything suspicious, you don't even have skype or v4l2
> > enabled, so it is unlikely that it is running some webcam stream (as part of
> > VoIP).
> I'm thinking it is Yahoo wanting to upgrade something but not realizing
> that I'm not using their client but using kopete. Yahoo isn't the
> sharpest tool in the shed you know?

I doubt that's the case. I use Pidgin with Yahoo, and haven't had that kind of thing so far as I'm aware.

Ben