Personal Web Space

Posts Tagged "wireshark"

Packet Sniffing with WireShark

on 6 June, 2010 in Blog

Download and install Wireshark from http://www.wireshark.org/. Launch the application. Go to Capture -> Options. Select the interface for the wireless network card and tick Capture packets in promiscuous mode. Then press Start.

MSN conversation hack:

Wireshark will start capturing the packets that flow around. Among others, we notice MSNMS (Microsoft Network Messenger Service) in the protocol field. This is the protocol used for exchanging instant messages between clients in the Microsoft Messenger service.

Each line represents a captured frame, and the sniffer logs the sequence in which the packets were received, the time, the source, the destination, the protocol and some other information. In the next block we can observe information about the protocol used, and at the lower part of the figure we can observe the hex dump form of the captured frame.

Using the Filter field we can concentrate on specific information. Typing MSNMS will display only the packets of the specified protocol.

Right click on the packet you want to sniff and select Follow TCP Stream. This option does exactly what it says: it follows the specific sequence of packets used in this session. Select the ASCII option from the bottom right corner of the dialog box. The following is a cut down version of what will appear in the dialog box.

ANS 88 stavros-msn@hotmail.com;{33C41B80-C54D-4FE6-8E31-5362BD8D23A6} 142171146.40169236 1084207748
IRO 88 1 2 lxiasstelios@msn.com;{1cd9c7bd-3e5e-4160-ae5e-9d8766cc6c96} S,TeLi0s 2788999228:136240
IRO 88 2 2 lxiasstelios@msn.com S,TeLi0s 2788999228:136240
ANS 88 OK
JOI stavros-msn@hotmail.com Stavros 2789003324:136240
MSG lxiasstelios@msn.com S,TeLi0s 148
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Microsoft%20Sans%20Serif; EF=; CO=ff0000; CS=0; PF=22
Goodmorning
MSG lxiasstelios@msn.com S,TeLi0s 93
MIME-Version: 1.0
Content-Type: text/x-msmsgscontrol
TypingUser: lxiasstelios@msn.com
MSG lxiasstelios@msn.com S,TeLi0s 149
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Microsoft%20Sans%20Serif; EF=; CO=ff0000; CS=0; PF=22
how are you?
MSG 89 U 96
MIME-Version: 1.0
Content-Type: text/x-msmsgscontrol
TypingUser: stavros-msn@hotmail.com
..................
Goddmorning stelios. I am ok and you?
MSG lxiasstelios@msn.com S,TeLi0s 93
..................
fine thanks. What did you think of the test we had yesterday?
MSG 92 U 96
..................
i thought it wasnt very difficult
MSG 95 U 96
..................
i think i did very weel
MSG 97 U 96
...................
sure, that sounds great
MSG lxiasstelios@msn.com S,TeLi0s 93
..................
ok meet there at 730?
MSG 105 U 96
..................
ok see you there
MSG 107 U 96
MIME-Version: 1.0
Content-Type: text/x-msmsgscontrol...
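
In the stream above, each MSG line ends with the byte count of the payload that follows, so a message body has no terminator of its own and the next command starts immediately after it. The Python below is an added example, not code from the original post: it frames and parses that layout on a constructed sample to show how much of the session is readable in clear text. The addresses are placeholders and the function names are hypothetical; the header values are the ones shown in the capture.

```python
CRLF = b"\r\n"

def frame_msg(prefix, headers, body):
    """Build one MSG command; the trailing number is the payload byte count."""
    payload = b"".join(f"{k}: {v}\r\n".encode() for k, v in headers.items())
    payload += CRLF + body.encode("utf-8")
    return f"MSG {prefix} {len(payload)}\r\n".encode() + payload

def parse_stream(data):
    """Split reassembled stream bytes into commands, honouring MSG lengths."""
    records, pos = [], 0
    while pos < len(data):
        end = data.find(CRLF, pos)
        if end == -1:
            break  # command line cut off mid-capture
        fields = data[pos:end].decode("utf-8", "replace").split(" ")
        pos = end + len(CRLF)
        rec = {"cmd": fields[0], "args": fields[1:]}
        if fields[0] == "MSG":
            if not fields[-1].isdigit():
                break  # framing lost; stop rather than guess
            length = int(fields[-1])
            payload = data[pos:pos + length]
            rec["truncated"] = len(payload) < length
            pos += length  # next command starts here, with no newline between
            head, _, body = payload.partition(CRLF + CRLF)
            lines = head.decode("utf-8", "replace").split("\r\n")
            hdrs = dict(h.split(": ", 1) for h in lines if ": " in h)
            rec["content_type"] = hdrs.get("Content-Type", "")
            rec["body"] = body.decode("utf-8", "replace")
        records.append(rec)
    return records

def readable_text(records):
    """Bodies of text/plain messages: what any on-path observer can read."""
    return [r["body"] for r in records
            if r["cmd"] == "MSG" and r["content_type"].startswith("text/plain")]

# Constructed sample: header values as in the capture, placeholder addresses.
TEXT = {"MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8",
        "X-MMS-IM-Format": "FN=Microsoft%20Sans%20Serif; EF=; CO=ff0000; CS=0; PF=22"}
TYPING = {"MIME-Version": "1.0", "Content-Type": "text/x-msmsgscontrol",
          "TypingUser": "alice@example.com"}
SAMPLE = (b"JOI bob@example.com Bob\r\n"
          + frame_msg("alice@example.com Alice", TEXT, "Goodmorning")
          + frame_msg("alice@example.com Alice", TYPING, "\r\n")
          + frame_msg("89 U", TEXT, "how are you?"))

if __name__ == "__main__":
    print(readable_text(parse_stream(SAMPLE)))
```

With the capture's headers, framing "Goodmorning" yields a length of 148 and "how are you?" yields 149, the same numbers that appear on the MSG lines in the dump.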
