Full Disclosure mailing list archives

Re: Sniffing ICQ traffic


From: sith () sithender com
Date: Mon, 10 Nov 2003 10:39:27 -0800

On Mon, Nov 10, 2003 at 09:10:23AM -0800, Jeremiah Cornelius wrote:
On Monday 10 November 2003 08:55, ttsoares () orion ufrgs br wrote:

<SNIP>
By the way... do you know a good text or some examples about how to write
filters for Ethereal?  The syntax, variables, etc...


You can also use ngrep.  It is very useful for pulling things you are
interested in out of network traffic.  Here is an example of url grabbing:

ngrep '^GET' "dst port 80"

I'm sure after looking at a couple streams of icq messages it would be easy
to construct a simple filter for them.  You can use regular expressions,
which is quite handy.

-sithEnder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
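
Added example, not part of the original post: a Python approximation of what the ngrep '^GET' "dst port 80" command above selects, useful for auditing which requests cross a network in cleartext. The frames are constructed sample data, the function names are hypothetical, and it assumes Ethernet/IPv4/TCP framing with the pattern anchored at the start of each segment's payload.

```python
import re
import struct

def tcp_frame(dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def match_payloads(frames, pattern, dst_port):
    """Payloads of IPv4/TCP segments sent to dst_port that match pattern."""
    rx = re.compile(pattern)
    hits = []
    for f in frames:
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                                   # not IPv4/TCP, or truncated
        tcp_off = 14 + (f[14] & 0x0F) * 4              # IP header length from IHL
        if len(f) < tcp_off + 20:
            continue
        dport = struct.unpack_from("!H", f, tcp_off + 2)[0]
        data_off = tcp_off + (f[tcp_off + 12] >> 4) * 4
        end = 14 + struct.unpack_from("!H", f, 16)[0]  # IP total length trims padding
        payload = f[data_off:end]
        if dport == dst_port and rx.search(payload):
            hits.append(payload)
    return hits

def grab_urls(frames):
    """Rebuild the URL of every cleartext GET request seen going to port 80."""
    urls = []
    for p in match_payloads(frames, rb"^GET", 80):
        lines = p.decode("latin-1").split("\r\n")
        parts = lines[0].split(" ")
        if len(parts) < 2:
            continue
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), "unknown-host")
        urls.append("http://" + host + parts[1])
    return urls

# Constructed sample traffic (not a real capture).
SAMPLE = [
    tcp_frame(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    tcp_frame(80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    tcp_frame(8080, b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    tcp_frame(80, b"X-Note: GET appears mid-payload\r\n"),
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 46,    # non-IP (ARP ethertype) frame
]

if __name__ == "__main__":
    print(grab_urls(SAMPLE))
```

Dropping the ^ anchor also matches the fourth sample frame, which shows why the anchored pattern is the one to use for request lines.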

