From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Tue, 17 Aug 2010 17:10:24 +0100
Message-ID: <AANLkTi=5beUNGNVNN2t7LXbdPoKj7VfZBcOCZ9CmVtXU@mail.gmail.com>
In-Reply-To: <306497.5595.qm@web51905.mail.re2.yahoo.com>

On 17 August 2010 15:29, BRM <bm_witness@yahoo.com> wrote:
> ----- Original Message ----
>
>> From: Dale <rdalek1967@gmail.com>
>> Adam Carter wrote:
>> > Is this easy to do? I have no idea where to start except that
>> > wireshark is installed.
>> > Yep, start the capture with Capture -> Interfaces and click on the
>> > start button next to the correct interface, then right click on one
>> > of the packets that is to the yahoo box and choose Decode As set the
>> > port and protocol then apply. You'll need to understand the semantics
>> > of HTTP for it to be of much use tho.
>>
>> You had me until the last part. No semantics here. lol May see if I
>> can post a little and see if anyone can figure out what the heck it is
>> doing. I'm thinking some crazy bug or something. Maybe checking for
>> updates not realizing it's Kopete instead of a Yahoo program.
>
> Wireshark will show you the raw packet data, and decode only a little of it -
> enough to identify the general protocol, senders, etc.
> So to understand the packet, you will need to understand the application layer
> protocol - in this case HTTP - yourself as Wireshark won't help you there.
>
> But yet, Wireshark, nmap, and nessus security scanner are the tools, less so
> nessus as it really is more of a port scanner/security hole finder than a debug
> tool for applications (it's basically an interface for nmap for those purposes).

I'm not at home to experiment and I don't use yahoo, but port 5050 is
typically used for mmcc = multi media conference control - does yahoo
offer such a service? It could be a SIP server running there for VoIP
between Yahoo registered users or something similar.

The http connection could be offered as an alternative proxy
connection to the yahoo IM servers for users who are behind
restrictive firewalls. Have you asked as much in the Yahoo user
groups?

The fact that the threads continue after kopete has shut down is not
necessarily of concern as was already explained, unless it carries on
and on for a long time and the flow of packets continues. I don't
know how yahoo VoIP works. Did you install some plugin specific for
yahoo services? If it imitates the Skype architecture then it
essentially runs proxies on clients' machines and this could be an
explanation for the traffic.
--
Regards,
Mick
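
The thread's point that a payload on port 5050 only makes sense once it is read as HTTP can be shown on a reassembled TCP stream. This is an added example, not part of the original message or of Wireshark; the sample bytes, host name and client name are constructed placeholders, and `parse_http_head` is a hypothetical helper.

```python
# Added example: decide whether a reassembled TCP payload is HTTP and read its head.
METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH", "CONNECT", "TRACE"}

# Constructed samples (placeholder host and client names, not captured data).
SAMPLE_REQUEST = (
    b"POST /notify HTTP/1.1\r\n"
    b"Host: im.example.invalid:5050\r\n"
    b"User-Agent: ExampleClient/1.0\r\n"
    b"Content-Length: 4\r\n"
    b"\r\n"
    b"ping"
)
SAMPLE_BINARY = b"\x00\x01\x02\x03not http at all"


def parse_http_head(payload):
    """Return a dict describing the HTTP start line and headers, or None if not HTTP."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        start = lines[0].decode("ascii")
    except UnicodeDecodeError:
        return None  # binary protocol, not an HTTP start line
    parts = start.split(" ", 2)
    if len(parts) == 3 and parts[0] in METHODS and parts[2].startswith("HTTP/"):
        info = {"kind": "request", "method": parts[0],
                "target": parts[1], "version": parts[2]}
    elif len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        info = {"kind": "response", "version": parts[0], "status": int(parts[1])}
    else:
        return None
    headers = {}
    for raw in lines[1:]:
        name, colon, value = raw.partition(b":")  # split on the first colon only
        if colon:
            headers[name.decode("latin-1").strip().lower()] = value.decode("latin-1").strip()
    info["headers"] = headers
    info["complete_head"] = bool(sep)  # False when the capture cut the head short
    info["body_bytes"] = len(body)
    return info


if __name__ == "__main__":
    print(parse_http_head(SAMPLE_REQUEST))
    print(parse_http_head(SAMPLE_BINARY))
```

The `User-Agent` and `Host` values are what identify which program is talking and to which service, which is the question the capture was meant to answer.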