From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OlJL3-0004HD-2t for garchives@archives.gentoo.org; Tue, 17 Aug 2010 10:24:13 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 25DBFE0A88; Tue, 17 Aug 2010 10:24:03 +0000 (UTC) Received: from mail-gx0-f181.google.com (mail-gx0-f181.google.com [209.85.161.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 046AFE0A88 for ; Tue, 17 Aug 2010 10:24:02 +0000 (UTC) Received: by gxk1 with SMTP id 1so700097gxk.40 for ; Tue, 17 Aug 2010 03:24:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=66ra96KRfcFI9u6JMw6fLq3bflWwjMR9KSbg/laRtbI=; b=fivSXsY6tJufGsIXdSW5ocWgpl95COWjMhuphrsLGOKcPuQim2tRem2mgT6+aYv/lI CB3FaZYopuCJMMun4uwSY2HkAj5s8FctorQxc8mKiNSIr7PJY9L3OgK3R3vSOG/raLIv wfOlSN3peik24XDAT0HkbYYGuIuTZ2NW9I24Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=JFYkTowsIhU9xrDAYMxcddkwkuQNXMHT5jmL1zUcGHQIqUjT6DC44XBsy5b9qIA3dz 76JR42EQu0Mt8JBOahNntZvu08HEgAMfR7J0CaDS6k108E16J/d2XTDuDyxtNbBzkdNL 9AZLTvFsRXDn/HmFigGyzkbjfSFBr8ROH0HSk= Received: by 10.151.150.2 with SMTP id c2mr6886043ybo.404.1282040642751; Tue, 17 Aug 2010 03:24:02 -0700 (PDT) Received: from [192.168.1.2] (adsl-0-123-240.jan.bellsouth.net [65.0.123.240]) by mx.google.com with ESMTPS id m11sm7682138ybn.16.2010.08.17.03.24.00 (version=SSLv3 cipher=RC4-MD5); Tue, 17 Aug 2010 03:24:01 -0700 (PDT) Message-ID: <4C6A633F.5070409@gmail.com> Date: Tue, 17 Aug 2010 05:23:59 -0500 From: Dale User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100801 Gentoo/2.0.6 SeaMonkey/2.0.6 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Yahoo and strange traffic. References: <4C684F59.3040903@gmail.com> <201008152329.44195.alan.mckinnon@gmail.com> <4C69C1E4.9090309@gmail.com> <4C69E3CD.5070108@gmail.com> <4C6A224C.2030100@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: eef04901-9dd7-45f5-bcd9-023031fb3b2b X-Archives-Hash: fa27ab9c0cc7f58d92d3a7e2649b8861 Adam Carter wrote: > > Is this easy to do? I have no idea where to start except that > wireshark is installed. > > > Yep, start the capture with Capture -> Interfaces and click on the > start button next to the correct interface, then right click on one of > the packets that is to the yahoo box and choose Decode As set the port > and protocol then apply. You'll need to understand the semantics of > HTTP for it to be of much use tho. You had me until the last part. No semantics here. lol May see if I can post a little and see if anyone can figure out what the heck it is doing. I'm thinking some crazy bug or something. Maybe checking for updates not realizing it's Kopete instead of a Yahoo program. Thanks. Post back what I find when it does it again. Dale :-) :-)