[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sniffing ICQ traffic

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Sniffing ICQ traffic
From: sith@sithender.com
Date: Mon, 10 Nov 2003 10:39:27 -0800

On Mon, Nov 10, 2003 at 09:10:23AM -0800, Jeremiah Cornelius wrote:
> On Monday 10 November 2003 08:55, ttsoares@orion.ufrgs.br wrote:
> 
> <SNIP>
> > By the way... do you know a good text or some examples about how do write
> > filters to ethereal?  The syntax, variables, etc...

You can also use ngrep.  It is very useful for pulling things you are
interested in out of network traffic.  Here is an example of url grabbing:

ngrep '^GET' "dst port 80"

I'm sure after looking at a couple streams of icq messages it would be easy
to construct a simple filter for them.  You can use regular expressions
which is quite handy. 

-sithEnder

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Sniffing ICQ traffic
  - From: Marcos Machado <listas@istf.com.br>
- Re: [Full-Disclosure] Sniffing ICQ traffic
  - From: Jeremiah Cornelius <jeremiah@nur.net>
- Re: [Full-Disclosure] Sniffing ICQ traffic
  - From: ttsoares@orion.ufrgs.br
- Re: [Full-Disclosure] Sniffing ICQ traffic
  - From: Jeremiah Cornelius <jeremiah@nur.net>

Prev by Date: Re: [Full-Disclosure] Feeding Stray Cats (off-topic, but what isn't on this list?)
Next by Date: weekend silence [WAS: RE: [Full-Disclosure] Feeding Stray Cats]
Previous by thread: Re: [Full-Disclosure] Sniffing ICQ traffic
Next by thread: Re: [Full-Disclosure] Sniffing ICQ traffic
Index(es):
- Date
- Thread