TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Actually this is not true either, it depends on your locale and what server
farm one is connecting to and from what region.
AIM is a very fun thing to play with, also SameTime for Lotus Notes is also
pretty cool.. :)
/mark
At 11:47 PM 9/16/00 +0000, R Hampson wrote:
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
>----------------------------------------------------------------------------
>
>Hello all,
>
>Be careful assuming that the AOL client will always be connecting on port
>5190 this is the default, but can be changed to almost *any* port number
>between 0 and 65K. Also, the servers the client connects to are farmed,
>and thus the IP address of the server changes every time the client makes
>a connection as demonstrated below
>
>C:\>ping login.oscar.aol.com
>
>Pinging login.oscar.aol.com [205.188.7.172] with 32 bytes of data:
>
>C:\>ping login.oscar.aol.com
>
>Pinging login.oscar.aol.com [205.188.7.168] with 32 bytes of data:
>
>C:\>ping login.oscar.aol.com
>
>Pinging login.oscar.aol.com [205.188.7.172] with 32 bytes of data:
>
>C:\>ping login.oscar.aol.com
>
>Pinging login.oscar.aol.com [205.188.7.176] with 32 bytes of data:
>
>C:\>ping login.oscar.aol.com
>
>Pinging login.oscar.aol.com [205.188.7.176] with 32 bytes of data:
>
>C:\>ping login.oscar.aol.com
>
>Pinging login.oscar.aol.com [205.188.7.164] with 32 bytes of data:
>
>The only constant is the host name that is being connected to
>(login.oscar.aol.com), so any capture would have to be based solely on that.
>One other option... if you have a particular client that you wish to
>monitor... capture all their traffic, figure out what port they are
>running the AOL IM client on and then filter just on that port. It can
>still be messy however if they are running on a heavily used port such as
>80, 135 or 139...
>
>Hope that helps a bit...
>
>Regards
>
>Ric
>
>
>
>
>-----Original Message-----
>From: Matthew F. Caldwell [mailto:[EMAIL PROTECTED]]
>Sent: Saturday, September 16, 2000 11:26 AM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Aol Instant Messeger
>
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
>----------------------------------------------------------------------------
>
>Like Mark says you would be better off with a sniffer. However if you must
>look at the traffic with real secure. You can create a connections rule in
>your policy to watch for TCP port 5190 (realtime logging and play back).
>Which I believe is the control port of the AIM protocol. Setup AIM on your
>local machine and using netstat -an determine what ports the system is
>communicating on then you can specify those ports in real secure or a
>sniffer
>
>--
>Matthew F. Caldwell, CISSP - Chief Technical Officer
> Guarded.Net, Inc. Email: [EMAIL PROTECTED]
>Ph:404.880.3373 Fx:404.880.3374 Cl:678-428-5095
>---------------------------------------------------------
>This e-mail may contain proprietary commercial information and is intended
>for the addressed recipient(s) only. If you are not an addressed recipient
>of this e-mail and have received it in error, you must delete it. You may
>not forward or disseminate information contained in this e-mail without
>permission from Guarded.Net.
>Questions? Contact [EMAIL PROTECTED]
>---------------------------------------------------------
>
>_________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
>Share information about yourself, create your own public profile at
>http://profiles.msn.com.
>
