From: BRM
Subject: Re: [gentoo-user] Yahoo and strange traffic.
To: gentoo-user@lists.gentoo.org
Date: Tue, 17 Aug 2010 07:29:54 -0700 (PDT)
In-Reply-To: <4C6A633F.5070409@gmail.com>
References: <4C684F59.3040903@gmail.com> <201008152329.44195.alan.mckinnon@gmail.com> <4C69C1E4.9090309@gmail.com> <4C69E3CD.5070108@gmail.com> <4C6A224C.2030100@gmail.com> <4C6A633F.5070409@gmail.com>

----- Original Message ----
> From: Dale
> Adam Carter wrote:
> > > Is this easy to do? I have no idea where to start except that
> > > wireshark is installed.
> >
> > Yep, start the capture with Capture -> Interfaces and click on the start
> > button next to the correct interface, then right click on one of the packets
> > that is to the yahoo box and choose Decode As, set the port and protocol, then
> > apply. You'll need to understand the semantics of HTTP for it to be of much use though.
>
> You had me until the last part. No semantics here. lol May see if I can
> post a little and see if anyone can figure out what the heck it is doing. I'm
> thinking some crazy bug or something. Maybe checking for updates not realizing
> it's Kopete instead of a Yahoo program.

Wireshark will show you the raw packet data, and decode only a little of it - enough to identify the general protocol, senders, etc. So to understand the packet, you will need to understand the application layer protocol - in this case HTTP - yourself, as Wireshark won't help you there.

Yet Wireshark, nmap, and the Nessus security scanner are the tools; less so Nessus, as it really is more of a port scanner/security-hole finder than a debugging tool for applications (it's basically an interface for nmap for those purposes).

HTH,
Ben
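The reply above says that once Wireshark has shown you the raw bytes, reading the HTTP inside them is up to you. The following is an added example, not code from anyone in this thread: it takes a constructed TCP payload (the kind of bytes Wireshark's packet pane shows for a plain-HTTP request; not a real Kopete or Yahoo capture) and pulls out the request line and headers, returning None when the bytes are not a complete HTTP/1.x request head, which is the usual sign that you are looking at a different protocol or a request split across TCP segments.

```python
"""Reading a captured HTTP request head by hand."""
from typing import Optional

# Constructed sample payload, as it might appear in Wireshark's bytes pane.
# The host and client names are placeholders, not from any real capture.
SAMPLE_PAYLOAD = (
    b"GET /update/check?version=1.0 HTTP/1.1\r\n"
    b"Host: example.invalid\r\n"
    b"User-Agent: example-client/1.0\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "CONNECT", "TRACE"}


def parse_http_request(payload: bytes) -> Optional[dict]:
    """Return method, target, version and headers of an HTTP/1.x request,
    or None if the payload is not a complete, well-formed request head."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                      # head not complete (or not HTTP at all)
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None                      # not an HTTP/1.x request line
    method, target, version = (p.decode("ascii", "replace") for p in parts)
    if method not in METHODS:
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None                  # malformed header line
        headers[name.decode("ascii", "replace").strip().lower()] = \
            value.decode("latin-1").strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body_bytes": len(body)}


def describe_request(payload: bytes) -> str:
    """One-line summary: what the client asked for, from whom, and as what."""
    req = parse_http_request(payload)
    if req is None:
        return "not a complete HTTP/1.x request"
    host = req["headers"].get("host", "<no Host header>")
    ua = req["headers"].get("user-agent", "<no User-Agent>")
    return f'{req["method"]} http://{host}{req["target"]} by "{ua}"'


if __name__ == "__main__":
    print(describe_request(SAMPLE_PAYLOAD))
```

Feed it the bytes of a TCP payload exported from Wireshark and the Host and User-Agent headers usually tell you which program is talking and to whom.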