Hello Adele,

> how Wireshark works and decide a packet is an OICQ packet?
> I mean, besides of the UDP port, are there any other ways for Wireshark
> to categorise a packet to be an OICQ packet?

The most obvious (but maybe not easy for you) way to find this out is looking into the source code. If you are not familiar with the C language, you can ask Secfire <[email protected]>, the author of the OICQ dissector.

br
artem//

________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of philippe alarcon
Sent: Thursday, March 05, 2009 5:36 PM
To: wireshark-dev
Subject: Re: [Wireshark-dev] A simple question about wireshark: confusion about OICQ protocol analysis

Hello,

It seems that Wireshark is able to recognise the OICQ protocol. See the following page:
http://www.wireshark.org/docs/dfref/o/oicq.html
Maybe this could help you.

Regards
Philippe

________________________________
From: [email protected]
To: [email protected]
Date: Thu, 5 Mar 2009 17:48:38 -0800
Subject: [Wireshark-dev] A simple question about wireshark: confusion about OICQ protocol analysis

Dear all,

Here I have a very detailed question and I would like to thank you all for your help in advance.

Some background information first: Thunder is a very popular P2P file downloading software in China and it is not open sourced. Recently I have been doing some protocol analysis experiments about Thunder by Wireshark. Experiment descriptions are as follows:

Experiment 1: Close other applications and run Thunder -- I will get a lot of packets with the protocol name as OICQ. (OICQ is a very popular IM software in China but actually during this experiment I did not open it.)

Experiment 2: Keeping all other settings unchanged, I close Thunder, immediately after experiment 1 -- here I did not get any OICQ packets anymore.

Actually I have talked to some guys who work in the OICQ company and according to them, Thunder and OICQ are competitors and there are not any co-operations between them. So I am really confused how I can capture OICQ packets from Thunder while OICQ is not running.

Therefore, if it is possible, may I ask how Wireshark works and decide a packet is an OICQ packet? I mean, besides of the UDP port, are there any other ways for Wireshark to categorise a packet to be an OICQ packet?

Actually I am really confused here and your help will be really appreciated for me.

Thank you in advance and best regards,
Adele JIA
