Wireshark-users: Re: [Wireshark-users] WIRESHARK AND CAMFROG CHAT SYSTEM

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Sun, 10 Oct 2010 17:07:29 +1100
Joseph,

If you want to build a display filter, probably the best bet is to use the "_expression_" button near filter entry box and use that to guide you.

TCP port display filters will look something like "tcp.port == 1234" (which include TCP port 1234 as both source or destination port). You can specify these exactly with "tcp.srcport ==1234" or "tcp.dstport == 1234". A range could be specified as "tcp.port >= 6000 && tcp.port <= 10000". You can also specifiy "udp' in the same way.

While this will help isolate the traffic (from other traffic on your network) it doesn't necessarily make your job easier. From a look via Google, it seems that a number of researchers have had a go at trying to decode it, but like any other proprietary and obscure protocol, the job seems pretty difficult when you are only reverse engineering. To be honest unless you are already familiar with how other well know protocols like say HTTP, SSL or RTP work, you are probably facing an uphill job unless you are prepared to put in some long hours.

Regards, Martin

MartinVisser99@xxxxxxxxx


On Sun, Oct 10, 2010 at 3:36 PM, Joseph Johnson <xbetas@xxxxxxxx> wrote:
Cliquez-moi!
I DONT KNOW HOW THAT WORK BUT WHEN I TRY
 
WIRESHARK WHEN  ITS SNIFF THE NETWORK I DONT SEE LIKE FILTERS WORDS WHEN I (IM) PEOPLE I LIKE ENCRYPTED WHEN I AM CONNECTING ONT THE CHATSYSTEME I SEE IP BUT I CAN FIND NOTHING ALL ABOUT WHAT AM SEARCHING ONT WIRESHARK
 
CAN SOME ONE SEND ME A FILTER ALL ABOUT WHAT I HAVE MAKE HERE WITH THE TCP AND UDP BEGIN AND END CAN SOME ONE SEND ME A EXAMPLE OFF _expression_ FILTER
 
CAMFROG SERVER SETTING
 
SERVER LISTENING TCP PORT: 6005
TCP RANGE BEGIN: 6000
TCP RANGE END: 10000
 
UDP RANGE BEGIN: 5000
UDP RANGE END: 15000
 
Animations GRATUITES pour votre messagerie - par IncrediMail! Cliquez ici!

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe