{"id":145,"date":"2007-12-19T23:45:08","date_gmt":"2007-12-20T07:45:08","guid":{"rendered":"http:\/\/raffy.ch\/blog\/2007\/12\/19\/network-captures-im-decoding\/"},"modified":"2007-12-19T23:45:26","modified_gmt":"2007-12-20T07:45:26","slug":"network-captures-im-decoding","status":"publish","type":"post","link":"https:\/\/raffy.ch\/blog\/2007\/12\/19\/network-captures-im-decoding\/","title":{"rendered":"Network Captures &#8211; IM decoding"},"content":{"rendered":"<p>I just had a moment of awe. I was playing around with packet captures and was wondering whether Wireshark would still ship with a command line alternative for the GUI version. I always liked Ethereal for its protocol analysis capabilities. I pretty quickly found out that the command line version was still maintained. Now called <strong>tshark<\/strong>. I was sort of shocked when I realized how much protocol traffic was actually decoded:<\/p>\n<p><code>~\/tmp$ sudo tshark -ni en1<br \/>\nCapturing on en1<br \/>\n2.004403 192.168.0.12 -&gt; 207.46.27.163 MSNMS USR 1 YYYYYYY@hotmail.com 1452999922.70216123.6471199<br \/>\n3.672270 205.188.8.233 -&gt; 192.168.0.12 AIM Buddylist Offgoing Buddy: ZZZZZZZZZZ<br \/>\n3.673979 205.188.7.244 -&gt; 192.168.0.12 AIM Buddylist Offgoing Buddy: ZZZZZZZZZZ<br \/>\n5.136301 207.46.27.163 -&gt; 192.168.0.12 MSNMS [TCP Retransmission] USR 1 OK YYYYY@hotmail.com Raffael%20Marty<br \/>\n5.136735 192.168.0.12 -&gt; 207.46.27.163 MSNMS CAL 2 XXXXXX@hotmail.com<br \/>\n5.174140 207.46.27.163 -&gt; 192.168.0.12 MSNMS CAL 2 RINGING 1111111111<br \/>\n6.750004 207.46.27.163 -&gt; 192.168.0.12 MSNMS JOI XXXXXXX@hotmail.com XXXX%20Buding%20in%20boston<\/code><\/p>\n<p>It understands the IM protocols (MSN Messenger, shown as MSNMS, and AIM in this capture; the output above is anonymized)! I wonder how I could exploit this for some interesting visualization.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I just had a moment of awe. 
I was playing around with packet captures and was wondering whether Wireshark would still ship with a command line alternative for the GUI version. I always liked Ethereal for its protocol analysis capabilities. I pretty quickly found out that the command line version was still maintained. Now called [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-145","post","type-post","status-publish","format-standard","hentry","category-log-analysis"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/comments?post=145"}],"version-history":[{"count":0,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/145\/revisions"}],"wp:attachment":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/media?parent=145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/categories?post=145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/tags?post=145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
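An added example, not code from the original post: a small Python parser for the one-line tshark summary format shown in the post. It splits each line into time, source, destination, protocol and the decoder's info column, separates tshark's bracketed TCP analysis notes (the "[TCP Retransmission]" line) from the IM command, reduces MSNMS and AIM lines to IM events, and counts source/protocol/destination triples into an edge list rendered as Graphviz DOT, which is one way to get from this output to the visualization the post wonders about. The sample input is the post's anonymized output with the HTML escaping undone; the record field names, helper functions and DOT rendering are my choices, not tshark's or the author's.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Sample input: the anonymized tshark output shown in the post, with the
# HTML escaping undone. This is not a live capture.
SAMPLE = """\
~/tmp$ sudo tshark -ni en1
Capturing on en1
2.004403 192.168.0.12 -> 207.46.27.163 MSNMS USR 1 YYYYYYY@hotmail.com 1452999922.70216123.6471199
3.672270 205.188.8.233 -> 192.168.0.12 AIM Buddylist Offgoing Buddy: ZZZZZZZZZZ
3.673979 205.188.7.244 -> 192.168.0.12 AIM Buddylist Offgoing Buddy: ZZZZZZZZZZ
5.136301 207.46.27.163 -> 192.168.0.12 MSNMS [TCP Retransmission] USR 1 OK YYYYY@hotmail.com Raffael%20Marty
5.136735 192.168.0.12 -> 207.46.27.163 MSNMS CAL 2 XXXXXX@hotmail.com
5.174140 207.46.27.163 -> 192.168.0.12 MSNMS CAL 2 RINGING 1111111111
6.750004 207.46.27.163 -> 192.168.0.12 MSNMS JOI XXXXXXX@hotmail.com XXXX%20Buding%20in%20boston
"""

# tshark's one-line summary as shown in the post: relative time, source,
# "->", destination, protocol name, then the decoder's free-form info column.
LINE_RE = re.compile(
    r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<info>.*)$"
)
# Bracketed TCP analysis notes that tshark prepends to the info column.
ANNOTATION_RE = re.compile(r"\[([^\]]+)\]\s*")


def parse_line(line):
    """Parse one summary line; return None for non-packet lines (prompt, header)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = float(rec["time"])
    # Keep notes like "[TCP Retransmission]" apart from the IM command so the
    # first token of info is always the protocol command.
    rec["flags"] = ANNOTATION_RE.findall(rec["info"])
    rec["info"] = ANNOTATION_RE.sub("", rec["info"]).strip()
    return rec


def parse_capture(text):
    """Parse a whole tshark summary dump, dropping anything that is not a packet line."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def im_event(rec):
    """Reduce a decoded MSNMS or AIM line to (command, accounts, display_names).

    MSNMS: the first token is the MSNP command (USR, CAL, JOI, ...); tokens
    containing '@' are accounts; MSNP URL-encodes friendly names, hence unquote().
    AIM: tshark renders buddy-list events as "Buddylist <Event> Buddy: <name>".
    Returns None for protocols this helper does not know (my design choice).
    """
    info = rec["info"]
    if rec["proto"] == "MSNMS":
        tokens = info.split()
        cmd = tokens[0] if tokens else ""
        accounts = [t for t in tokens if "@" in t]
        names = [unquote(t) for t in tokens if "%" in t]
        return cmd, accounts, names
    if rec["proto"] == "AIM":
        m = re.match(r"Buddylist (\w+) Buddy: (\S+)", info)
        if m:
            return m.group(1), [], [m.group(2)]
        return info, [], []
    return None


def conversation_edges(recs):
    """Count (src, proto, dst) triples: the edge list of a link graph."""
    return Counter((r["src"], r["proto"], r["dst"]) for r in recs)


def to_dot(edges):
    """Render the edge list as Graphviz DOT, one labelled edge per triple."""
    out = ["digraph im {"]
    for (src, proto, dst), n in sorted(edges.items()):
        out.append(f'  "{src}" -> "{dst}" [label="{proto} x{n}"];')
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    records = parse_capture(SAMPLE)
    for r in records:
        print(f"{r['time']:9.6f} {r['proto']:5} {im_event(r)}")
    print(to_dot(conversation_edges(records)))
```

Piping `to_dot()` output through `dot -Tpng` gives a link graph with one node per host and one edge per protocol seen between them; the `im_event()` tuples are the raw material for a timeline of who signed in, called whom and joined which chat.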