capture the traffic going from any port

venki · 07-02-2007, 01:30 AM

Hi all,
i want to capture the traffic that is going from any port!
say MSN. .msn port is 1863.
whn i am chatting with my friend all the data should be captured and log in to a file that should be readable..
plz help me if there are any tools,supporting this.
i worked on ethereal but it is not showing any data.

thks in advance

acid_kewpie · 07-02-2007, 01:59 AM

you can capture traffic with wireshark (ethereal) or tcpdump, but being readable is very subjective... what do you want to read about it?? if ethereal didn't show *anything* then you're just not using it correctly... it's still the right tool for the job.

venki · 07-02-2007, 02:11 AM

Thks sir,
I have started ethreal,packets are capturing! but when i started chatting with my friend, all the chat logs are not visible to me!
i want to see that chat logs in ethreal! plz help

acid_kewpie · 07-02-2007, 03:45 AM

wireshark seems fine at deoding msn with the msnms decoder. check the wiki for a sample to compare to http://wiki.wireshark.org/MSNMS

venki · 07-02-2007, 04:03 AM

yes sir it is showing MSNMS perfectly,
1094 35.655662 207.46.27.38 192.168.1.39 MSNMS MSG nagesh.venkat@hotmail.com Venkat 53
this is the information i am getting!
how can i see the data that venkat is transfered through MSN!

siyisoy · 07-02-2007, 04:58 AM

If you need an msn sniffer you can use scanhill

venki · 07-02-2007, 06:31 AM

/usr/lib64/gcc/x86_64-suse-linux/4.1.2/../../../../x86_64-suse-linux/bin/ld: cannot find -liconv
is the error coming!
i tried lot of forums still no use!!
plzz help me

acid_kewpie · 07-02-2007, 06:46 AM

just read the data payload, it's all shown there for you...

venki · 07-02-2007, 07:10 AM

where will we find this data payload?

Gigantic · 07-02-2007, 07:10 AM

So, this is a girl's IM that you want to spy or there's no specific target yet?

acid_kewpie · 07-02-2007, 07:24 AM

just expand the high level protocol data on the packet tree (normally the bottom entry on pane in the middle on wireshark), you'll see a fairly standard HTTP-u-like data header, and after "\r\n" the next line should be the text in the message itself. there isn't always text in each message though, there's plenty of control data to wade through as well.

venki · 07-02-2007, 07:44 AM

I am very thks sir that u are replying for my doubts.
i found MSN Messenger Service
in that
MSG pradeep.malineni@hotmail.com MALINENI 101\r\nMSG
MIME-Version: 1.0\r\n
Content-Type: text/x-msmsgscontrol\r\n
TypingUser: pradeep.malineni@hotmail.com\r\n
\r\n
\r\n

that's it! i din't find the data he written to me..
sorry for making u trouble

venki · 07-03-2007, 12:55 AM

Is there a way to find the data...??
can we debug it!!

acid_kewpie · 07-03-2007, 02:14 AM

i already told you not all the packets have actual text in them. i assume that's just one of those "usre bob is typing a message" things. just look for longer packets.

venki · 07-04-2007, 02:33 AM

acid_kewpie thks a lot! i am able to view the data,but using etheral alias wireshark..can we save the data to any file.
it is saving all the contents ,i want just data to be copied in to a file..