Wireshark mailing list archives

Re: WIRESHARK AND CAMFROG CHAT SYSTEM

From: Martin Visser <martinvisser99 () gmail com>
Date: Sun, 10 Oct 2010 17:07:29 +1100

Joseph,

If you want to build a display filter, probably the best bet is to use the
"Expression" button near filter entry box and use that to guide you.

TCP port display filters will look something like "tcp.port == 1234" (which
include TCP port 1234 as both source or destination port). You can specify
these exactly with "tcp.srcport ==1234" or "tcp.dstport == 1234". A range
could be specified as "tcp.port >= 6000 && tcp.port <= 10000". You can also
specifiy "udp' in the same way.

While this will help isolate the traffic (from other traffic on your
network) it doesn't necessarily make your job easier. From a look via
Google, it seems that a number of researchers have had a go at trying to
decode it, but like any other proprietary and obscure protocol, the job
seems pretty difficult when you are only reverse engineering. To be honest
unless you are already familiar with how other well know protocols like say
HTTP, SSL or RTP work, you are probably facing an uphill job unless you are
prepared to put in some long hours.

Regards, Martin

MartinVisser99 () gmail com


On Sun, Oct 10, 2010 at 3:36 PM, Joseph Johnson <xbetas () b2b2c ca> wrote:

   [image: 
Cliquez-moi!]<http://www.incredimail.com/app/?tag=display_picture_click_me_re&lang=12&version=6224750&setup_id=12000007&aff_id=102&addon=IncrediMail&upn=e5c157cd-4b59-45c9-97d2-e818d7a5976e>
 I DONT KNOW HOW THAT WORK BUT WHEN I TRY

WIRESHARK WHEN  ITS SNIFF THE NETWORK I DONT SEE LIKE FILTERS WORDS WHEN I
(IM) PEOPLE I LIKE ENCRYPTED WHEN I AM CONNECTING ONT THE CHATSYSTEME I SEE
IP BUT I CAN FIND NOTHING ALL ABOUT WHAT AM SEARCHING ONT WIRESHARK

CAN SOME ONE SEND ME A FILTER ALL ABOUT WHAT I HAVE MAKE HERE WITH THE TCP
AND UDP BEGIN AND END CAN SOME ONE SEND ME A EXAMPLE OFF EXPRESSION FILTER

CAMFROG SERVER SETTING

SERVER LISTENING TCP PORT: 6005
TCP RANGE BEGIN: 6000
TCP RANGE END: 10000

UDP RANGE BEGIN: 5000
UDP RANGE END: 15000

   [image: Animations GRATUITES pour votre messagerie - par IncrediMail!
Cliquez ici!]<http://www.incredimail.com/?id=605280&rui=131237960&sd=20101010>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

WIRESHARK AND CAMFROG CHAT SYSTEM Joseph Johnson (Oct 09)
- Re: WIRESHARK AND CAMFROG CHAT SYSTEM Martin Visser (Oct 09)
- Re: WIRESHARK AND CAMFROG CHAT SYSTEM David H. Lipman (Oct 10)