LinuxQuestions.org
Old 07-08-2003, 11:06 AM   #1
phishintrip
Member
 
Registered: Jun 2003
Distribution: Slack9, Red Hat 8.1
Posts: 117

Rep: Reputation: 15
ethereal ?


I am running Ethereal and capturing packets while I chat with my friend on AOL Instant Messenger. The weird thing is that I don't see his IP as the source. Do I have something set up wrong? How do I enable it so I can see his IP?
 
Old 07-08-2003, 12:49 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Most IM services including AIM use a server to communicate and do not connect directly. This is partly designed to stop you doing exactly what you are trying. The system is as follows:
Code:
       [Friend's PC]
            ||
            \/
        {INTERNET}
            ||
            \/
       [AIM Server]
            ||
            \/
        {INTERNET}
            ||
            \/
          [You]
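
What the diagram in post #2 looks like from the capture side, as an added example that is not part of the original thread: it tallies the remote endpoints in a capture taken on your own machine. The addresses are constructed documentation-range values, port 5190 is AIM's usual TCP port, and the helper names `make_frame` and `remote_endpoints` are hypothetical.

```python
import socket
import struct
from collections import Counter

# Constructed addresses: your PC, the IM server, and the friend's PC.
ME, SERVER, FRIEND = "192.0.2.10", "198.51.100.5", "203.0.113.77"

def make_frame(src_ip, dst_ip, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample data)."""
    eth = b"\x00" * 12 + b"\x08\x00"            # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp

def remote_endpoints(frames, local_ip):
    """Count packets per remote (ip, port) as seen from local_ip."""
    peers = Counter()
    for frame in frames:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                             # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4             # IP header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue                             # not TCP, or truncated
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        if src == local_ip:
            peers[(dst, dport)] += 1
        elif dst == local_ip:
            peers[(src, sport)] += 1
    return peers

# Constructed capture of a relayed chat: every message leaves for the server
# and every reply arrives from the server. The friend's address never appears.
CAPTURE = (
    [make_frame(ME, SERVER, 40001, 5190)] * 3
    + [make_frame(SERVER, ME, 5190, 40001)] * 2
    + [b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28]   # ARP frame, skipped
)

if __name__ == "__main__":
    for (ip, port), count in remote_endpoints(CAPTURE, ME).most_common():
        print(f"{ip}:{port}  {count} packets")
```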
 
Old 07-08-2003, 12:51 PM   #3
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
try direct connections or file transfers.

(c'mon he wanted the ip)
 
Old 07-08-2003, 12:56 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Quote:
Originally posted by hakcenter
try direct connections or file transfers.

(c'mon he wanted the ip)
If he wants the IP then he should ask for it.

Services like AIM and MSN are geared to prevent such possibilities.
 
Old 07-08-2003, 01:04 PM   #5
phishintrip
Member
 
Registered: Jun 2003
Distribution: Slack9, Red Hat 8.1
Posts: 117

Original Poster
Rep: Reputation: 15
Obviously, my intentions are misunderstood, but guess what, "I don't care!" hmmmm...... how bout that! Yeah, I am trying to track the IP thru AOL IM. Of course, I ALREADY KNOW HIS IP!!!! Damn, he's my friend. In fact, he is the sys admin for the ISP!!!!!! In fact, if I wanted to reroute all his traffic to my box and watch it, I have his full permission, and since he is the person they call when you do something like that I would be allowed to do it. So basically, if you are dogging me for thinking I want to hack people and screw their stuff up then this is for you,

"FUCK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
and if you kick me off the board for this message I don't care either

So yes, I am trying to get his IP
 
Old 07-08-2003, 01:05 PM   #6
phishintrip
Member
 
Registered: Jun 2003
Distribution: Slack9, Red Hat 8.1
Posts: 117

Original Poster
Rep: Reputation: 15
Sorry if I got pissed, but I hack for my own security purposes and I am trying to learn, and it is very discouraging to not be helped or accused otherwise
 
Old 07-08-2003, 01:07 PM   #7
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Quote:
Originally posted by phishintrip
Sorry if I got pissed, but I hack for my own security purposes and I am trying to learn, and it is very discouraging to not be helped or accused otherwise
I wasn't saying you were trying to hack him - I was merely pointing out that tracking his IP via AIM will not be possible since you NEVER communicate with HIM directly. ALL communication goes via a server.
 
Old 07-08-2003, 01:12 PM   #8
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
lol nice discussion, I've been in other threads.

Trying a direct connection or a file transfer will usually 'set up' a connection to their machine, where then you can get the IP.

Don't see much wrongdoing, you could use 'ping' to locate the IP of yahoo, oh nos!
 
Old 07-08-2003, 01:35 PM   #9
phishintrip
Member
 
Registered: Jun 2003
Distribution: Slack9, Red Hat 8.1
Posts: 117

Original Poster
Rep: Reputation: 15
Sorry I got so mad then, it's just that sometimes when I don't get responses to questions I feel like it's because people think I am trying to hack other people, and that's been happening a lot lately, especially when I ask questions about Ethereal. I am a complete noob and I realize there are lots of script kiddies and malicious peoples, but I have been trudging thru a lot of this crap to find real info about how TCP/IP works, where weaknesses are, etc. I plan to set up a web server and intranet at my company soon and I figure the only way to be secure is to know the holes. I do have full permission from my ISP (well, he's my good friend so) and the owner of the computer (same person) to do all the hacking stuff I want as long as I don't mess anything up. With that in mind, if I ask questions that seem like I am trying to hack people, I am. Mostly, that person is myself, and if not it's my friend that is helping me learn. He is the sys admin so he doesn't have a lot of time to answer my dumb noob questions, so I come here where I have not gotten the response I am looking for most of the time. I get shit like a Samba question (which I know people use) with like 50 views and no responses. I am the one that just assumed that this is because I try to hack, because my friends at work accuse me of hacking their machine every time their Windows crashes. I try to explain to them that that is in Windows' nature. It doesn't need to be hacked to crash. Anyway, sorry for the language!
 
Old 07-08-2003, 01:35 PM   #10
phishintrip
Member
 
Registered: Jun 2003
Distribution: Slack9, Red Hat 8.1
Posts: 117

Original Poster
Rep: Reputation: 15
Yeah, I know I'm a hothead........ex-marine, rugby player, what do ya expect?
 
Old 07-08-2003, 01:44 PM   #11
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
well there is 1 hell of a funny story on grc.com where the guy was ddos'd by a 13 year old.

Most applications with big names are supposed to make us feel as secure as possible. Application services like 'instant messaging' would require the use of a central server, just to make sure that no malicious activity would be going on. Imagine all the people using AIM or ICQ, imagine if their computer information was handy if they just signed on.

I know a few years back, ICQ could be patched to let you know the person's IP. But most those days are gone.

You just need to understand connections.

Going to use AIM as the topic discussion:

John begins chatting with Jane.
John wants to show Jane a picture he has.
John requests a direct connection to Jane, and Jane accepts.
Now John inserts his picture and sends it to Jane, Jane likes the bondage picture.
Eventually John gets disconnected from AIM, but left the window he had with Jane up. (Little did he know, his kid brother signed on as him in the other room)
Soon thereafter John still receives messages from Jane, even though he is not 'signed' on AIM.

How?

This is a pretty normal cause to use a server for regular chatting.
 
Old 07-08-2003, 01:52 PM   #12
phishintrip
Member
 
Registered: Jun 2003
Distribution: Slack9, Red Hat 8.1
Posts: 117

Original Poster
Rep: Reputation: 15
So what's Jane's AIM name?


lol............bondage is so cool!! <--- in a cartman kinda voice

All right, I understand now

Here's another question then: when I am setting up my iptables, should I just build a set of rules in the INPUT, OUTPUT, FORWARD chains (or tables I guess) or should I create my own tables and send things thru those?

What is the reason for having a table like say 'Red Hat 9.0' or something like that that you see with the red hat standard firewall?
 
Old 07-08-2003, 01:58 PM   #13
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
I dunno, cause they feel obligated to make it non standard and confusing?

btw the answer was that John and Jane set up a TCP connection with each other outside the server.

You aren't really going to want to set up an input chain firewall, if he's going to pass you traffic, but you will want to set up a deviated forward setup to just sniff the traffic.

You're going to want to enable IPv4 forwarding, and I pray you have a huge bandwidth connection, or he has a small client base :P
 
  


All times are GMT -5.
