From: Jake Moe <jakesaddress@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Tue, 17 Aug 2010 21:15:25 +1000
Message-ID: <4C6A6F4D.6080900@gmail.com>
In-Reply-To: <4C6A633F.5070409@gmail.com>

On 08/17/10 20:23, Dale wrote:
> Adam Carter wrote:
>>
>> Is this easy to do? I have no idea where to start except that
>> wireshark is installed.
>>
>>
>> Yep, start the capture with Capture -> Interfaces and click on the
>> start button next to the correct interface, then right click on one
>> of the packets that is to the yahoo box and choose Decode As, set the
>> port and protocol, then apply. You'll need to understand the semantics
>> of HTTP for it to be of much use tho.
>
> You had me until the last part. No semantics here. lol May see if
> I can post a little and see if anyone can figure out what the heck it
> is doing. I'm thinking some crazy bug or something. Maybe checking
> for updates not realizing it's Kopete instead of a Yahoo program.
>
> Thanks. Post back what I find when it does it again.
>
> Dale
>
> :-) :-)
>
If you do try to send it back to us, you might want to limit what it's
capturing; Wireshark can get a *lot* of data quickly.

For instance, if you know it's only communicating with a few servers,
after you click on "Capture --> Interfaces", click on the "Options"
button, and in the Capture Filter, put "host 98.136.48.110 or host
98.136.42.25", which are the two servers you listed at the beginning of
this thread (cs210p2.msg.sp1.yahoo.com and rdis.msg.vip.sp1.yahoo.com).

Or you could assume that Yahoo are using the 98.136.0.0 network only for
this sort of thing, and use a filter of "net 98.136.0.0/16", which would
grab all traffic to or from any host with an IP starting with 98.136.x.x.

Jake Moe
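
An added example, not part of the message above: a simplified Python model of the two capture filters it suggests, showing which packets each one would keep. It handles only `host` and `net` terms joined by `or` (real capture filters are compiled by libpcap), and the sample packets, including the LAN client 192.168.1.10 and the address 98.136.60.1, are constructed for illustration.

```python
import ipaddress


def compile_filter(expr):
    """Compile a filter made of `host IP` / `net CIDR` terms joined by `or`.

    Simplified model of those two capture-filter primitives only (IPv4);
    it is not libpcap and supports none of the other filter syntax.
    """
    nets = []
    for term in expr.split(" or "):
        kind, _, value = term.strip().partition(" ")
        if kind == "host":
            nets.append(ipaddress.ip_network(value + "/32"))
        elif kind == "net":
            nets.append(ipaddress.ip_network(value, strict=True))
        else:
            raise ValueError(f"unsupported primitive: {term!r}")

    def matches(src, dst):
        # Without a src/dst qualifier, host and net match either direction.
        addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
        return any(a in n for a in addrs for n in nets)

    return matches


def captured(expr, packets):
    """Return the packets (src, dst, note) that the filter would keep."""
    keep = compile_filter(expr)
    return [p for p in packets if keep(p[0], p[1])]


# Constructed sample traffic: (source, destination, note).
PACKETS = [
    ("192.168.1.10", "98.136.48.110", "to cs210p2.msg.sp1.yahoo.com"),
    ("98.136.42.25", "192.168.1.10", "from rdis.msg.vip.sp1.yahoo.com"),
    ("192.168.1.10", "98.136.60.1", "other host in 98.136.0.0/16"),
    ("192.168.1.10", "203.0.113.7", "unrelated traffic"),
]
HOST_FILTER = "host 98.136.48.110 or host 98.136.42.25"
NET_FILTER = "net 98.136.0.0/16"

if __name__ == "__main__":
    for expr in (HOST_FILTER, NET_FILTER):
        print(expr)
        for src, dst, note in captured(expr, PACKETS):
            print(f"  {src} -> {dst}  ({note})")
```

The host filter keeps only traffic involving the two named servers, while the net filter also keeps the third packet, so it produces a larger capture but does not miss other hosts in that range.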