Ethereal-users: Re: [Ethereal-users] Unknown ICQ Messages

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 22 Feb 2002 13:01:33 -0800
On Fri, Feb 22, 2002 at 11:20:09AM -0500, Scott Fringer wrote:
>   Any ideas what these are informing me of (besides the obvious that
> it's not sure of the version of some ICQ traffic).

It's informing you that the version number in a packet that it thought
might be an ICQ packet, because it was sent to or from UDP port 4000,
doesn't have a version number that it recognizes.

This could either mean

	1) somebody's using some new version of ICQ

or, more likely

	2) the traffic isn't actually ICQ traffic.

> How do I determine the offending frames?

Look for ICQ traffic by using a display filter of "icq", and then look
for frames where the ICQ data isn't actually dissected.