I am still a noob so please forgive me if these tips are not elegant.
I found Wireshark a bit overwhelming until I got used to using some of the Capture filters and Display filters, and I still do a little, but here are a few things that other noobs starting out playing with it might find interesting. (Note: caps are important where shown.)
(For Yahoo Mail)
Capture Filter
port 80
Display Filter
xml contains YahooMail
(For Hotmail)
Capture Filter
port 80
Display Filter
tcp contains MessageBody
(For MSN Messenger)
Capture Filter
port 1863
Display Filter
msnms contains plain
(For Facebook Chat)
Capture Filter
port 80
Display Filter
http contains msg_text
(For Some Emails)
Capture Filter
port 80
Display Filter
http contains EmailText
Or you can combine them all together:
Capture Filter
port 80 or port 1863
Display Filter
xml contains YahooMail or tcp contains MessageBody or msnms contains plain or http contains msg_text or http contains EmailText
Have fun and please don't do anything illegal.
Last edited by joeguest2; 10-02-2010 at 09:41 AM.