Wireshark-dev: Re: [Wireshark-dev] A simple question about wireshark: confusion about OICQ prot

From: "Tamazov, Artem" <artem.tamazov@xxxxxxxxxxx>
Date: Thu, 5 Mar 2009 09:45:44 -0600
Hello Adele,
 
jl007@xxxxxxxxxxxxxx> how Wireshark works and decides a packet is an OICQ packet?
jl007@xxxxxxxxxxxxxx> I mean, besides the UDP port, are there any other ways for Wireshark
jl007@xxxxxxxxxxxxxx> to categorise a packet to be an OICQ packet?
 
The most obvious (but maybe not easy for you) way to find this out is to look into the source code.
If you are not familiar with the C language, you can ask Secfire <secfire@xxxxxxxxx>,
the author of the OICQ dissector.
 
br artem//
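The question in this thread is how Wireshark decides that a UDP packet is OICQ. The following is an added example, not code from the thread and not the Wireshark OICQ dissector itself: it models the two ways a dissector can claim a packet, registration on a UDP port (every packet on that port goes to the dissector, whatever it contains) versus a payload sanity check that lets the dissector hand unrecognised packets back. The OICQ details used here (UDP port 8000, a leading STX byte 0x02, a trailing ETX byte 0x03, an 11-byte minimum frame, the version value) are assumptions for illustration; what the real dissector checks beyond the port is best confirmed in packet-oicq.c in the Wireshark source, as Artem suggests.

```python
# Added example: a toy model of Wireshark-style protocol dispatch for UDP.
# Not from the mailing-list thread and not Wireshark's own OICQ dissector.
# OICQ constants below are assumptions made for this illustration.
import struct

OICQ_UDP_PORT = 8000      # assumed registered port
OICQ_STX = 0x02           # assumed leading framing byte
OICQ_ETX = 0x03           # assumed trailing framing byte
OICQ_VERSION = 0x0D55     # arbitrary constructed value, not a real version
# assumed frame: STX(1) version(2) command(2) sequence(2) qq number(4) ETX(1)
OICQ_MIN_LEN = 1 + 2 + 2 + 2 + 4 + 1


def looks_like_oicq(payload: bytes) -> bool:
    """Payload-level check: framing bytes present and header long enough.
    This is the kind of test a dissector can add on top of port matching."""
    return (len(payload) >= OICQ_MIN_LEN
            and payload[0] == OICQ_STX
            and payload[-1] == OICQ_ETX)


def classify(src_port: int, dst_port: int, payload: bytes,
             use_payload_check: bool) -> str:
    """Return the protocol label this toy dispatcher would assign.

    With use_payload_check=False the behaviour is pure port registration:
    anything to or from the registered port is labelled OICQ.
    With use_payload_check=True the dissector rejects payloads that do not
    pass looks_like_oicq() and the packet stays plain UDP.
    """
    on_port = OICQ_UDP_PORT in (src_port, dst_port)
    if not on_port:
        return "UDP"
    if use_payload_check and not looks_like_oicq(payload):
        return "UDP"
    return "OICQ"


def build_oicq_packet(command: int, seq: int, qq_number: int,
                      body: bytes = b"") -> bytes:
    """Construct a payload in the assumed OICQ frame layout (big-endian)."""
    header = struct.pack(">HHHI", OICQ_VERSION, command, seq, qq_number)
    return bytes([OICQ_STX]) + header + body + bytes([OICQ_ETX])


# Constructed sample traffic (source port, destination port, UDP payload).
SAMPLE_PACKETS = [
    # looks like OICQ and is on the registered port
    (4000, 8000, build_oicq_packet(0x0022, 1, 123456789, b"\x00" * 8)),
    # unrelated chatter that merely happens to use UDP port 8000
    (8000, 51234, b"\x32\x00\x00\x00\x01\x10\x5a\x5a\x5a\x5a\x5a\x5a\x5a"),
    # well-formed frame but not on the registered port at all
    (5000, 6000, build_oicq_packet(0x0022, 2, 123456789)),
]


def run(use_payload_check: bool) -> list:
    """Classify every sample packet under one dispatch policy."""
    return [classify(s, d, p, use_payload_check) for s, d, p in SAMPLE_PACKETS]


if __name__ == "__main__":
    print("port only      :", run(False))
    print("port + payload :", run(True))
```

With port-only dispatch the second sample is labelled OICQ although its payload has nothing OICQ-shaped in it; with the payload check it falls back to UDP. That is the practical difference between a dissector registered only on a port and one that also validates what it sees, and it is the first thing to look for when reading any dissector's source to understand a surprising protocol label.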


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of philippe alarcon
Sent: Thursday, March 05, 2009 5:36 PM
To: wireshark-dev
Subject: Re: [Wireshark-dev] A simple question about wireshark: confusion about OICQ protocol analysis

Hello,

It seems that Wireshark is able to recognise the OICQ protocol.
See the following page:
http://www.wireshark.org/docs/dfref/o/oicq.html

Maybe this could help you.

Regards
Philippe


From: jl007@xxxxxxxxxxxxxx
To: wireshark-dev@xxxxxxxxxxxxx
Date: Thu, 5 Mar 2009 17:48:38 -0800
Subject: [Wireshark-dev] A simple question about wireshark: confusion about OICQ protocol analysis

Dear all,

Here I have a very detailed question and I would like to thank you all for your help in advance.

Some background information first:

Thunder is a very popular P2P file downloading software in China and it is not open sourced. Recently I have been doing some protocol analysis experiments about Thunder with Wireshark. Experiment descriptions are as follows:

Experiment 1: Close other applications and run Thunder. I will get a lot of packets with the protocol name as OICQ. (OICQ is a very popular IM software in China, but actually during this experiment I did not open it.)

Experiment 2: Keeping all other settings unchanged, I close Thunder immediately after experiment 1. Here I did not get any OICQ packets anymore.

Actually I have talked to some guys who work in the OICQ company and according to them, Thunder and OICQ are competitors and there are not any co-operations between them. So I am really confused about how I can capture OICQ packets from Thunder while OICQ is not running. Therefore, if it is possible, may I ask how Wireshark works and decides a packet is an OICQ packet? I mean, besides the UDP port, are there any other ways for Wireshark to categorise a packet to be an OICQ packet?

Actually I am really confused here and your help will be really appreciated.

Thank you in advance and best regards,

Adele JIA


