Topic: Question On Sniffing MSN Conversation Using Wireshark
hitmen
« on: August 02, 2010, 05:11:41 AM »

I know that MSN uses TCP port 1683 and that using Wireshark I get the protocol as MSNMS.

Sniffing packets is one thing but is there any way I can reconstruct the messages that are sent from one party to another?

Or are there better tools available that can do this job?

Wireshark only seems to display the start and final destination IP and the protocol.

Anyway, any Wireshark tutorials?

hayabusa
« Reply #1 on: August 02, 2010, 07:54:01 AM »

I've never tried sniffing MSN conversations, so someone else might have more specifics. However, if the conversations are, in any way, encrypted, you'd need to have the proper certs, etc., to be able to decrypt the conversation. If they are NOT, then by simply selecting one of the packets from the conversation, and right-clicking on it, you can choose 'Follow TCP Stream', and that'll separate out the conversation packets, and open a window of the decoded conversation between the two machines.

So, to clarify, if encrypted, prolly not.  If not, follow the stream, and see what you get.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCP , GPEN, C|EH
jimbob
« Reply #2 on: August 02, 2010, 09:19:54 AM »

If you right-click on a TCP packet in Wireshark there is an option to follow the TCP stream. Wireshark will filter all the packets from the given TCP connection and this might give you what you want.

Since this filters to a single TCP stream then you might want to make sure you haven't missed out some of the traffic. Take a look at the filter string and play around with it, perhaps filtering traffic on 1683 only. I've seen the tool Netwitness reconstruct chat sessions, there's a free version of that you can try.

As for tutorials for Wireshark, <insert-name-of-search-engine-here> is your friend.

Jimbob
Ketchup
« Reply #3 on: August 02, 2010, 09:28:40 AM »

I think that NetWitness is a better option for this. It has some nice features for automatic packet reassembly. I am not sure about MSN IM, but it does a fantastic job rebuilding email conversations for example.
~~~~~~~~~~~~~~
Ketchup
don
« Reply #4 on: August 04, 2010, 11:59:03 AM »

Just in case, you can download Netwitness Investigator HERE.

Don
CISSP, MCSE, CSTA, Security+ SME