Re: [Full-Disclosure] Sniffing ICQ traffic
From: Ivan Coric (ivan.coric_at_workcoverqld.com.au)
Date: 11/11/03
- Previous message: Jean-Baptiste Marchand: "Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports"
- Maybe in reply to: Marcos Machado: "[Full-Disclosure] Sniffing ICQ traffic"
- Next in thread: Sergey V. Gordeychik: "RE: [Full-Disclosure] Sniffing ICQ traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <jeremiah@nur.net>, <ttsoares@orion.ufrgs.br> Date: Tue, 11 Nov 2003 09:18:21 +1000
ninja site for tcpdump/ethereal filters
http://home.insight.rr.com/procana/
enjoy
Ivan
Ivan Coric CISSP
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric@workcoverqld.com.au
>>> <ttsoares@orion.ufrgs.br> 11/11/03 02:55am >>>
Quoting Jeremiah Cornelius <jeremiah@nur.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday 10 November 2003 05:40, Marcos Machado wrote:
> > Does anybody know about any tool to sniff ICQ traffic?
> >
> > I've been searching for a week without success. I am currently using the
> > msgsnarf from dsniff package (2.3), but it works only with a limited
> > version (2k) and the protocol has changed. Nowadays, it's quite useless.
>
> Ethereal:
> http://www.ethereal.com/
>
> Win32 Complete Installer:
> http://download.openxtra.com/epa/3_1_0/Network/Ethereal_XTRA.exe
>
> "Because anything less, would be uncivilized."
>
> Protocol reassembly - "ICQ"
> Tools - "Follow TCP Stream"
By the way... do you know a good text or some examples about how do write
filters to ethereal? The syntax, variables, etc...
Thks.
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times.
This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Jean-Baptiste Marchand: "Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports"
- Maybe in reply to: Marcos Machado: "[Full-Disclosure] Sniffing ICQ traffic"
- Next in thread: Sergey V. Gordeychik: "RE: [Full-Disclosure] Sniffing ICQ traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
