wireshark-users October 2010 archive

Re: [Wireshark-users] WIRESHARK AND CAMFROG CHAT SYSTEM

From: Martin Visser <martinvisser99_at_nospam>
Date: Sun Oct 10 2010 - 06:07:29 GMT
To: Community support list for Wireshark <wireshark-users@wireshark.org>

Joseph,

If you want to build a display filter, probably the best bet is to use the
"Expression" button near the filter entry box and use that to guide you.

TCP port display filters will look something like "tcp.port == 1234" (which
includes TCP port 1234 as either source or destination port). You can specify
these exactly with "tcp.srcport == 1234" or "tcp.dstport == 1234". A range
could be specified as "tcp.port >= 6000 && tcp.port <= 10000". You can also
specify "udp" in the same way.

While this will help isolate the traffic (from other traffic on your
network) it doesn't necessarily make your job easier. From a look via
Google, it seems that a number of researchers have had a go at trying to
decode it, but like any other proprietary and obscure protocol, the job
seems pretty difficult when you are only reverse engineering. To be honest,
unless you are already familiar with how other well-known protocols like, say,
HTTP, SSL or RTP work, you are probably facing an uphill job unless you are
prepared to put in some long hours.

Regards, Martin

MartinVisser99@gmail.com

On Sun, Oct 10, 2010 at 3:36 PM, Joseph Johnson <xbetas@b2b2c.ca> wrote:

> I DON'T KNOW HOW THAT WORKS BUT WHEN I TRY
>
> WIRESHARK WHEN IT SNIFFS THE NETWORK I DON'T SEE LIKE FILTERS WORDS WHEN I
> (IM) PEOPLE I LIKE ENCRYPTED WHEN I AM CONNECTING ON THE CHAT SYSTEM I SEE
> IP BUT I CAN FIND NOTHING AT ALL ABOUT WHAT I AM SEARCHING ON WIRESHARK
>
> CAN SOMEONE SEND ME A FILTER ALL ABOUT WHAT I HAVE MADE HERE WITH THE TCP
> AND UDP BEGIN AND END CAN SOMEONE SEND ME AN EXAMPLE OF EXPRESSION FILTER
>
> CAMFROG SERVER SETTING
>
> SERVER LISTENING TCP PORT: 6005
> TCP RANGE BEGIN: 6000
> TCP RANGE END: 10000
>
> UDP RANGE BEGIN: 5000
> UDP RANGE END: 15000
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
>

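An added example, not part of the original thread: a simplified Python model of display-filter matching in which `tcp.port` / `udp.port` stand for both the source and the destination port, comparing a range written on the combined field with one written per direction for the port ranges in the quoted post. The function names, packet dictionaries and sample packets are constructed for illustration; this is not Wireshark's code.

```python
# Simplified model of display-filter comparison on a multi-valued field.
# Assumption: a comparison is true if ANY occurrence of the field satisfies it.
import operator

OPS = {"==": operator.eq, ">=": operator.ge, "<=": operator.le}

def field_values(pkt, field):
    """Every value the field takes in this packet; '<proto>.port' carries both ports."""
    proto, name = field.split(".")
    if pkt["proto"] != proto:
        return []
    if name == "port":
        return [pkt["src"], pkt["dst"]]
    return [pkt["src"]] if name == "srcport" else [pkt["dst"]]

def compare(pkt, field, op, value):
    return any(OPS[op](v, value) for v in field_values(pkt, field))

def loose_range(pkt, proto, lo, hi):
    # Models: <proto>.port >= lo && <proto>.port <= hi
    # The two halves may be satisfied by two different ports.
    return compare(pkt, f"{proto}.port", ">=", lo) and compare(pkt, f"{proto}.port", "<=", hi)

def strict_range(pkt, proto, lo, hi):
    # Models: (srcport >= lo && srcport <= hi) || (dstport >= lo && dstport <= hi)
    return any(
        compare(pkt, f"{proto}.{side}", ">=", lo) and compare(pkt, f"{proto}.{side}", "<=", hi)
        for side in ("srcport", "dstport")
    )

def camfrog_filter(tcp_lo=6000, tcp_hi=10000, udp_lo=5000, udp_hi=15000):
    """Per-direction display filter string for the ranges given in the quoted post."""
    parts = []
    for proto, lo, hi in (("tcp", tcp_lo, tcp_hi), ("udp", udp_lo, udp_hi)):
        for side in ("srcport", "dstport"):
            parts.append(f"({proto}.{side} >= {lo} && {proto}.{side} <= {hi})")
    return " || ".join(parts)

# Constructed sample packets (not from a real capture).
PACKETS = [
    {"proto": "tcp", "src": 51000, "dst": 6005},  # client to the listening port
    {"proto": "tcp", "src": 52000, "dst": 443},   # unrelated HTTPS session
    {"proto": "udp", "src": 5353, "dst": 5353},   # mDNS, falls inside the UDP range
    {"proto": "udp", "src": 40000, "dst": 53},    # DNS lookup
]

if __name__ == "__main__":
    print(camfrog_filter())
    for p in PACKETS:
        print(p, "loose:", loose_range(p, p["proto"], 6000, 10000),
              "strict:", strict_range(p, p["proto"], 6000, 10000))
```

Even the per-direction filter still admits unrelated traffic whose ports happen to fall inside such wide ranges, as the mDNS sample shows.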