If you sniff the packet traffic of an ongoing MSN chat with Wireshark, you will notice that the protocol used between the sender and the recipient is MSNP, carried over TCP port 1863.

Enter "msnms" in the Wireshark display filter text box to narrow down the displayed packets if you did not use a capture filter during the Wireshark capture.

In the screen capture below, IP address 192.168.1.106 is my desktop.



To figure out the "owner" of IP address 64.4.37.20, I use the Whois feature on the website www.samspade.org. If you would like to resolve the IP address to a DNS name, use nslookup.



From the information gathered in this capture, we find that my desktop establishes a connection to the MSN Hotmail server rather than a direct connection to the IP address of the remote MSN friend I was having a text conversation with.
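The same observation can be reproduced without Wireshark by reading the capture file directly. The script below is an added example, not code from the original post: it builds a small constructed pcap in memory (the desktop 192.168.1.106 and server 64.4.37.20 come from the post; the third host 198.51.100.9 and the MSNP payload text are constructed), parses the Ethernet/IPv4/TCP headers, applies the same port-based rule the msnms dissector uses (TCP port 1863), and lists which remote hosts the desktop talked MSNP to. The friend's own IP never appears, only the server.

```python
import socket
import struct

MSNP_PORT = 1863  # MSN Messenger Protocol runs over TCP 1863; Wireshark's msnms dissector keys on this port
DESKTOP = "192.168.1.106"   # local machine from the capture in the post
MSN_SERVER = "64.4.37.20"   # MSN/Hotmail server seen in the post
OTHER_HOST = "198.51.100.9"  # constructed, unrelated web server (documentation address range)


def ip_header(src, dst, payload_len):
    # Minimal 20-byte IPv4 header: version/IHL 0x45, TTL 64, protocol 6 (TCP), checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def tcp_header(sport, dport):
    # Minimal 20-byte TCP header: data offset 5, flags PSH|ACK, window 8192, no checksum
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)


def build_frame(src, dst, sport, dport, payload):
    # Ethernet II frame (zeroed MACs, EtherType 0x0800 = IPv4) wrapping IPv4/TCP/payload
    eth = b"\x00" * 12 + b"\x08\x00"
    return eth + ip_header(src, dst, 20 + len(payload)) + tcp_header(sport, dport) + payload


def write_pcap(frames):
    # Classic libpcap file: global header (magic, v2.4, snaplen 65535, link type 1 = Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


def sample_capture():
    # Constructed traffic: an MSNP chat message to the server, the server's reply, and one unrelated HTTP request
    chat = b"MSG 12 N 67\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nhello"
    reply = b"MSG friend@example.com Friend 64\r\nMIME-Version: 1.0\r\nContent-Type: text/plain\r\n\r\nhi"
    http = b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"
    return write_pcap([
        build_frame(DESKTOP, MSN_SERVER, 49152, MSNP_PORT, chat),
        build_frame(MSN_SERVER, DESKTOP, MSNP_PORT, 49152, reply),
        build_frame(DESKTOP, OTHER_HOST, 49153, 80, http),
    ])


def parse_pcap(data):
    # Returns one dict per TCP/IPv4 packet: addresses, ports and payload
    (magic,) = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    pos, packets = 24, []
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        frame = data[pos:pos + incl_len]
        pos += incl_len
        if frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue  # not TCP
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        packets.append({
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[doff:],
        })
    return packets


def msnms_filter(packets):
    # Equivalent of the "msnms" display filter: keep packets on TCP port 1863 in either direction
    return [p for p in packets if MSNP_PORT in (p["sport"], p["dport"])]


def msnp_command(payload):
    # First whitespace-separated token of an MSNP payload is the command verb (e.g. MSG)
    return payload.split(b" ", 1)[0].decode("ascii", "replace")


def remote_endpoints(packets, local_ip):
    # Hosts the local machine exchanged MSNP traffic with; shows whether a chat goes via server or peer
    peers = set()
    for p in msnms_filter(packets):
        if p["src"] == local_ip:
            peers.add(p["dst"])
        elif p["dst"] == local_ip:
            peers.add(p["src"])
    return sorted(peers)


if __name__ == "__main__":
    pkts = parse_pcap(sample_capture())
    for p in msnms_filter(pkts):
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}  {msnp_command(p["payload"])}')
    print("MSNP peers of", DESKTOP, "=", remote_endpoints(pkts, DESKTOP))
```

Running it lists the two MSNP packets and reports the server as the only MSNP endpoint of the desktop, which is what the post's screenshot shows. On a real capture, replace `sample_capture()` with the bytes of a pcap file; the parser handles only Ethernet/IPv4/TCP and ignores everything else, which is enough for this check. From a defender's view, the same port-based rule is what a network monitor would use to inventory which instant-messaging servers internal hosts talk to.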
