Dear all,

Here I have a very detailed question and I would like to thank you all for
your help in advance.

Some background information first:

Thunder is a very popular P2P file downloading software in China and it is
not open sourced. Recently I have been doing some protocol analysis
experiments on Thunder with Wireshark. The experiments are described as
follows:

Experiment 1: Close other applications and run Thunder. I will get a
lot of packets with the protocol name OICQ. (OICQ is a very popular IM
software in China, but actually during this experiment I did not open it.)

Experiment 2: Keeping all other settings unchanged, I close Thunder
immediately after experiment 1. Here I did not get any OICQ packets
anymore.

Actually I have talked to some guys who work at the OICQ company and according
to them, Thunder and OICQ are competitors and there is no cooperation
between them. So I am really confused about how I can capture OICQ packets
from Thunder while OICQ is not running. Therefore, if it is possible,
may I ask how Wireshark works and decides that a packet is an OICQ packet? I
mean, besides the UDP port, are there any other ways for Wireshark to
categorise a packet as an OICQ packet?

Actually I am really confused here and your help would be really appreciated.

Thank you in advance and best regards,

Adele JIA

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
