how to sniff?
i have dsniff on my livecd of backtrack linux, and i want to listen to someone else's communication on the network.. the target machine's internal network ip is 192.168.2.180, and the icq port is 5194. my question, i know it's lame, is, how can i do this? i'm not too experienced in this… and my second question… can i listen only on the local network, or can i listen to a machine that is not on my local network? thanks
I think this is what you're looking for:
dancuc wrote: i have dsniff on my livecd of backtrack linux, and i want to listen to someone else's communication on the network.. the target machine's internal network ip is 192.168.2.180, and the icq port is 5194. my question, i know it's lame, is, how can i do this? i'm not too experienced in this… and my second question… can i listen only on the local network, or can i listen to a machine that is not on my local network? thanks
i use ethereal/wireshark. you set it to capture the traffic, and then it's easy to set it to view the text streams from the AIM/ICQ port. wireshark is also on backtrack and you can figure things out without a faq/tutorial. really easy.
dancuc wrote: thanks, i'm now testing it… does anyone know which port qip uses? if the target person uses qip, it must work on another port than icqlite, or no?
well, yes and no. qip is an icq client, so i'm betting that it uses the aim port which you mentioned, although i really don't know if it's able to use it while icqlite uses it at the same time. why not give it a try? get wireshark to work and send a random message to someone via qip. you really can't get any info off the net because the qip page is in russian.
anyways, you don't have to know what port it uses, as long as WS is set to capture all traffic. you'll just need a little more time to find the packets.
the fastest way to go is to test it on yourself.
They do have an English version, btw. http://qipim.com/en/
While on the topic of drugs, why not use the packet sniffer known to run as if it were on STEROIDS, Ferret! It's experimental, and just came out of the "Blackhat 2007" Conference in Las Vegas, NV.
For more information: http://www.erratasec.com/ferret.html