Re: [SLUG] Sniff

From: Eben King (eben1@tampabay.rr.com)
Date: Wed Nov 02 2005 - 17:31:56 EST


On Wed, 2 Nov 2005, Steven Buehler wrote:

> On Nov 2, 2005, at 3:30 PM, Eben King wrote:
>
> > Maybe tcpdump, and tell it to show packets headed for or coming
> > from login.oscar.aol.com:5190, messenger.hotmail.com:1863, or
> > scs.msg.yahoo.com:5050. Course decoding the sender/recipient is up
> > to you. Maybe it'll be nice and be in plain text? "od" is
> > probably your friend at this point.
>
> AIM can be contacted on multiple ports, including Port 21 (which is
> how I get to it from my corporate network, where Port 21 is open for
> FTP). It can also go through Socks or HTTP proxies (imsmarter.com is
> a great example of a Socks proxy on Port 80 for AIM, Yahoo, or MSN).

Hmm, that throws a spanner in the works. Can tcpdump search all packets for
a particular format or bytestring? That sounds CPU-intensive; not for a
device short of computrons.

Anybody determined to get past scanning will. Such a method would only log
the actions of naive users.

-- 
-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm    home.tampabay.rr.com/hactar

Logic is a systematic method of coming to the wrong conclusion with confidence.

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
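Added example (not part of the original thread or written by its participants): a sketch of the payload-based matching the message asks about, classifying a TCP stream by its first bytes instead of its port, so that AIM on port 21 is still recognised. The framing checks (FLAP start byte 0x2a with channel 1-5, the "YMSG" magic with a 20-byte header, the MSNP "VER" handshake line) are assumptions taken from the publicly documented protocols, and the sample payloads are constructed.

```python
import re
import struct

# Default service ports named in the thread.
DEFAULT_PORTS = {"aim": 5190, "msn": 1863, "yahoo": 5050}

# Assumption: an MSN client opens with e.g. "VER 1 MSNP8 CVR0\r\n".
MSN_VER = re.compile(rb"^VER \d+ (MSNP\d+ ?)+")

def classify_payload(payload: bytes):
    """Return 'aim', 'yahoo', 'msn' or None from the first bytes of a TCP stream."""
    # OSCAR/FLAP: 0x2a, channel 1-5, 2-byte sequence, 2-byte big-endian length.
    if len(payload) >= 6 and payload[0] == 0x2A and 1 <= payload[1] <= 5:
        (length,) = struct.unpack(">H", payload[4:6])
        if length <= len(payload) - 6:  # declared body must fit what was captured
            return "aim"
    # YMSG: 4-byte magic at the start of a 20-byte header.
    if len(payload) >= 20 and payload[:4] == b"YMSG":
        return "yahoo"
    if MSN_VER.match(payload):
        return "msn"
    return None

def flag_flows(flows):
    """flows: iterable of (dst_port, first_payload).
    Return a list of (port, protocol, on_default_port) for recognised flows."""
    out = []
    for port, payload in flows:
        proto = classify_payload(payload)
        if proto:
            out.append((port, proto, port == DEFAULT_PORTS[proto]))
    return out

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (21, b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"),   # FLAP sign-on frame on the FTP port
    (21, b"220 ftp.example.test FTP server ready\r\n"),  # ordinary FTP banner
    (1863, b"VER 1 MSNP8 CVR0\r\n"),
    (5050, b"YMSG" + bytes(16)),
    (80, b"*** notice ***"),  # starts with 0x2a but is not a valid FLAP header
]

if __name__ == "__main__":
    for row in flag_flows(SAMPLES):
        print(row)
```

tcpdump itself can test payload bytes in a capture filter, for instance `tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x2a` for segments whose first payload byte is 0x2a, which serves as a coarse prefilter ahead of a check like the one above. Neither approach sees through an encrypted tunnel.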



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:35:40 EDT