How do you sniff an IP using Live Messenger?
Posted 03 January 2010 - 12:27 AM
I'm a new user here, and I have a good programming and security related background. I know a few things here and there about hacking, but have never tried any as such.
Anyways, on to the topic of this post:
I was on Live Messenger, and was chatting with a "self-declared" hax0r. After some time, he found out my IP (my personal IP, even though my ISP uses a proxy). I did not click on ANY link, my computer did not have any trojans/worms/viruses, and I definitely did not fall for any "direct connection" attempt.
All I did was talk to him. I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP? Wouldn't it just show my traffic through the Live messenger?
Please help me....
Posted 03 January 2010 - 12:47 AM
Posted 03 January 2010 - 01:01 AM
Posted 03 January 2010 - 05:25 AM
I think it's a patch to the direct connection trick which was used before. If you try netstat -a, you get the IP of the server to which the messenger is connecting, and not the actual IP of the person.
Posted 05 January 2010 - 05:27 AM
He would have to be on the same network segment to be able to sniff your traffic using Ettercap. As for Wireshark, any one of the routers/devices which your traffic passes along from source/destination. Yes, if the sniffer sees the data, meaning it's there, then it would be able to parse out the IP header, from which your IP would be located.
I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP?
Edited by schippystrich, 30 January 2010 - 04:12 AM.
Posted 17 January 2010 - 08:40 PM
Posted 29 January 2010 - 09:59 PM
This is an MSN IP grabber I've found. Never tried it but I've been meaning to get it. IDK if it works or not either, haha.
It's called IPGet v1.5
Maybe this helps a lil... =)
Ok first off, that script does not work anymore.
Anyways, it is *supposed* to work by using Wireshark to sniff the MSNMS protocol and making your buddy change his/her display picture (or Avatar, but called a display picture in WLM). I have tried it, but it doesn't work, or at least, I'm not able to generate the packet(s) containing the IP address of either my computer, or my friend's. The logic behind this is that when a display picture is changed, the cache in OUR computer is updated with your buddy's new display picture. This is initiated via a DCC to your computer. By analysing these packets, you're supposed to get the internal and the external IP address of the user. I was not able to generate any such package, anybody use Wireshark here?
Posted 27 February 2010 - 03:47 PM
So, a way of obtaining an IP (the one I usually end up doing) is getting them to send me an email. Email headers contain a lot of information, and within all that is the X-Originating-IP, where their IPA is found.
If you want to do it on the fly then I'd recommend you send some random picture, then catch it.
For Windows users, a trick I used to do was I made a batch script that adds binary data to a picture in a continuous loop, extending the file size as it loops. This has proven a good method for sending "small" pictures, but since their size is constantly growing, the download process extends.
The trick here is to send the file and, when the contact starts downloading, execute the batch file that adds big blocks of random data to the image. This will give you a bigger window for catching the IPA.
There are really a lot of ways to do a simple task in the computer world, you just have to start from where you are most comfortable.
Anyone is free to correct anything I have posted... and my english is not perfect. (Not my first language)
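An added example, not code from any poster in this thread: a Python check to run against the raw source of a message you sent yourself, to see which of your addresses the X-Originating-IP and Received headers mentioned above disclose. The sample message, its documentation-range addresses and the function name exposed_ips are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation-range addresses, not real traffic).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id abc123; Sat, 27 Feb 2010 15:40:00 +0000
Received: from [192.168.1.23] (unknown [203.0.113.45])
\tby mail.example.net with ESMTPA id def456; Sat, 27 Feb 2010 15:39:58 +0000
X-Originating-IP: [203.0.113.45]
From: alice@example.net
To: bob@example.org
Subject: test

hello
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def exposed_ips(raw_message):
    """Return (header, ip, scope) for every IPv4 address the headers reveal."""
    msg = email.message_from_string(raw_message)
    findings = []
    for name in ("X-Originating-IP", "Received"):
        for value in msg.get_all(name, []):
            for candidate in IPV4_RE.findall(str(value)):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:  # e.g. 999.1.1.1 is not an address
                    continue
                internal = any(ip in net for net in RFC1918)
                findings.append(
                    (name, str(ip), "internal" if internal else "routable"))
    return findings

if __name__ == "__main__":
    for header, ip, scope in exposed_ips(SAMPLE):
        print(f"{header}: {ip} ({scope})")
```

If the list is non-empty for mail you send, your provider or client is writing your address into every message; webmail services that omit these headers for submitted mail will produce only the provider's own relay addresses.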