On 08/17/10 20:23, Dale wrote:
> Adam Carter wrote:
>>
>>     Is this easy to do?  I have no idea where to start except that
>>     wireshark is installed.
>>
>>
>> Yep, start the capture with Capture -> Interfaces and click on the
>> start button next to the correct interface, then right click on one
>> of the packets that is to the Yahoo box and choose Decode As, set the
>> port and protocol, then apply. You'll need to understand the semantics
>> of HTTP for it to be of much use tho.
>
> You had me until the last part.  No semantics here.  lol   May see if
> I can post a little and see if anyone can figure out what the heck it
> is doing.  I'm thinking some crazy bug or something.  Maybe checking
> for updates not realizing it's Kopete instead of a Yahoo program.
>
> Thanks.  Post back what I find when it does it again.
>
> Dale
>
> :-)  :-)
>
If you do try to send it back to us, you might want to limit what it's
capturing; Wireshark can get a *lot* of data quickly.

For instance, if you know it's only communicating with a few servers,
after you click on "Capture --> Interfaces", click on the "Options"
button, and in the Capture Filter, put "host 98.136.48.110 or host
98.136.42.25", which are the two servers you listed at the beginning of
this thread (cs210p2.msg.sp1.yahoo.com and rdis.msg.vip.sp1.yahoo.com). 
Or you could assume that Yahoo are using the 98.136.0.0 network only for
this sort of thing, and use a filter of "net 98.136.0.0/16", which would
grab all traffic to or from any host with an IP starting with 98.136.x.x.

Jake Moe
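
A command-line equivalent of the bounded capture described in the message above, added here as an example and not part of the original post. It assumes dumpcap (shipped with Wireshark) is installed; the function names, the 60-second and 10 MB stop conditions, and the interface and output-file arguments are illustrative choices.

```shell
#!/bin/sh
# Added example: build the "host A or host B" capture filter from the
# message and run a capture that stops on its own.

# is_ipv4 ADDR: succeeds only for a dotted quad with each octet 0-255,
# so nothing but addresses can end up inside the filter expression.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# host_filter ADDR...: prints "host A or host B ..." or fails on a bad address.
host_filter() {
    filter=""
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        filter="${filter:+$filter or }host $addr"
    done
    [ -n "$filter" ] && printf '%s\n' "$filter"
}

# bounded_capture IFACE OUTFILE FILTER: stop after 60 s or about 10 MB
# (filesize is in kB), whichever comes first.
bounded_capture() {
    dumpcap -i "$1" -w "$2" -f "$3" -a duration:60 -a filesize:10240
}

# Runs only when called as: sh capture.sh IFACE OUTFILE
# For the wider variant from the message, pass "net 98.136.0.0/16" instead.
if [ "$#" -eq 2 ]; then
    bounded_capture "$1" "$2" "$(host_filter 98.136.48.110 98.136.42.25)"
fi
```

The resulting file opens directly in Wireshark, where Decode As can then be applied to the already-narrowed traffic.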