11 replies to this topic

[Mr_H4N]

Hi guys, first off, a very happy new year.

I'm a new user here, and I have a good programming and security related background. I know a few things here and there about hacking, but have never tried any as such.
Anyways, on to the topic of this post :

I was on Live Messenger, and was chatting with a "self-declared" hax0r. After sometime, he found out my IP (my personal IP, even though my ISP uses a proxy). I did not click on ANY link, my computer did not have any trojans/worms/viruses, and I definetely did not fall for any "direct connection" attempt.
All I did was talk to him. I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP? Wouldn't it just show my traffic through the Live messenger?

Please help me....

Thanks,

Mr_H4N.

[tekio]

The best way to find out is to get two MSN Messenger accounts and possibly two different internet connections and do a little investigating. personally, I do not know how MSN Messenger works; is it a direct connection between the clients, or do the clients communicate through a server? A little experimenting should give the answer.

[dinscurge]

hmm.. ive never tried with 2 accs/computers but whenever ive filtered it it does show username/email on the packetz/wireshark shows it. but it gives generic sender/destination so it does use a server. maybe sending files or something idk.

[Mr_H4N]

Well, it works by connecting to the Live Messenger's server. The connection takes place through that.
I think it's a patch to the direct connection trick which was used before. If you try netstat -a, you get the IP of the server to which the messenger is connecting to, and not the actual IP of the person.

[SchippStrich]

I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP?

He would have to be on the same network segment to be able to sniff your traffic using Ettercap. As for Wireshark anyone of the routers/devices which your traffic passes along from source/destination. Yes, if the sniffer sees the data meaning it's there then it would be be able parse out the IP header from which your IP would be located.

Edited by schippystrich, 30 January 2010 - 04:12 AM.

[Powermaniac7]

Link scroll down the page and your questions shall be answered.

[dinscurge]

Link scroll down the page and your questions shall be answered.

ha lucky guess lols. ty fro linkz

[Aghaster]

Most of the traffic that goes through windows live messenger is proxied through Microsoft's servers. To get someone else's IP address you'll need to trigger a part of the protocol that will establish a direct connection between you and the other person, that can usually be done with a large file transfer or during a webcam session. Beware that file transfers can also be proxied through Microsoft, which can normally be noticed by the super slow transfer speed. Google about it, and you'll find a couple of guides that will tell you what can cause a direct connection between you and the other person, long enough so that you can use netstat to see your system's current connection, to then guess which one is the good one.

[CYB]

this is an MSN ip grabber iv found. never tryed it but iv been meaning to get it. IDK if it works or no either ahah

its called IPGet v1.5

maybe this helps a lil... =)

http://rapidshare.co.../IPGet_1.50.rar

[Mr_H4N]

this is an MSN ip grabber iv found. never tryed it but iv been meaning to get it. IDK if it works or no either ahah

its called IPGet v1.5

maybe this helps a lil... =)

http://rapidshare.co.../IPGet_1.50.rar

Ok first off, that script does not work anymore.

Anyways, it is *supposed* to work by using Wireshark to sniff the MSNMS protocol and making your buddy change his/her display picture (or Avatar, but called a display picture in WLM). I have tried it, but it doesn't work, or atleast, I'm not able to generate the packet(s) containing the IP address of either my computer, or my friend's. The logic behind this is that when a display picture is changed, the cache in OUR computer is updated with your buddy's new display picture. This is initiated via a DCC to your computer. By analysing these packets, you're supposed to get the internal and the external IP address of the user. I was not able to generate any such package, anybody use Wireshark here?

[Syx]

Sorry if i bump this, I'm new around here.

So, a way of obtaining an IP (The one i usually end up doing) is getting them to send me an email.
Email headers contain alot of information and within all that is the X-Originating IP where their
IPA is found.

If you want to do it on the fly then i'd recommend you to send some random picture, then catch it.

For Windows users, A trick i used to do was i made a batch script that adds binary data to a picture in a
continuous loop, extending the filesize as it loops. This has proven a good method for sendin "small"
pictures but since their size is constantly growing, the download process extends.

The trick here is to send the file and when the contact starts downloading, execute the batch file
that adds big blocks of random data to the image. This will give you a bigger window for catching the IPA.

There are really alot of ways to do a simple task in the computer world, you just have to start from
where you are most comfortable with.

Anyone is free to correct anything I have posted... and my english is not perfect. (Not my first language)

[elvis parker]

this is an MSN ip grabber iv found. never tryed it but iv been meaning to get it. IDK if it works or no either ahah

its called IPGet v1.5

maybe this helps a lil... =)

http://rapidshare.co.../IPGet_1.50.rar

This will not work on windows 7.