Mr_H4N

How do you sniff an IP using Live Messenger?

12 posts in this topic

Hi guys, first off, a very happy new year.

I'm a new user here, and I have a good programming and security related background. I know a few things here and there about hacking, but have never tried any as such.

Anyways, on to the topic of this post:

I was on Live Messenger, and was chatting with a "self-declared" hax0r. After some time, he found out my IP (my personal IP, even though my ISP uses a proxy). I did not click on ANY link, my computer did not have any trojans/worms/viruses, and I definitely did not fall for any "direct connection" attempt.

All I did was talk to him. I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP? Wouldn't it just show my traffic through the Live messenger?

Please help me....

Thanks,

Mr_H4N.

The best way to find out is to get two MSN Messenger accounts and possibly two different internet connections and do a little investigating. Personally, I do not know how MSN Messenger works; is it a direct connection between the clients, or do the clients communicate through a server? A little experimenting should give the answer.

Hmm.. I've never tried with 2 accs/computers, but whenever I've filtered it, it does show username/email on the packetz/Wireshark shows it. But it gives generic sender/destination so it does use a server. Maybe sending files or something, idk.

Well, it works by connecting to the Live Messenger's server. The connection takes place through that.

I think it's a patch to the direct connection trick which was used before. If you try netstat -a, you get the IP of the server to which the messenger is connecting, and not the actual IP of the person.

I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP?

He would have to be on the same network segment to be able to sniff your traffic using Ettercap. As for Wireshark, any one of the routers/devices which your traffic passes along from source/destination. Yes, if the sniffer sees the data, meaning it's there, then it would be able to parse out the IP header from which your IP would be located.

Edited by schippystrich

Link scroll down the page and your questions shall be answered.

ha lucky guess lols. ty for linkz

Most of the traffic that goes through Windows Live Messenger is proxied through Microsoft's servers. To get someone else's IP address you'll need to trigger a part of the protocol that will establish a direct connection between you and the other person, that can usually be done with a large file transfer or during a webcam session. Beware that file transfers can also be proxied through Microsoft, which can normally be noticed by the super slow transfer speed. Google about it, and you'll find a couple of guides that will tell you what can cause a direct connection between you and the other person, long enough so that you can use netstat to see your system's current connection, to then guess which one is the good one.

This is an MSN IP grabber I've found. Never tried it but I've been meaning to get it. IDK if it works or no either ahah

It's called IPGet v1.5

maybe this helps a lil... =)

http://rapidshare.com/files/133356881/IPGet_1.50.rar

Ok first off, that script does not work anymore.

Anyways, it is *supposed* to work by using Wireshark to sniff the MSNMS protocol and making your buddy change his/her display picture (or Avatar, but called a display picture in WLM). I have tried it, but it doesn't work, or at least, I'm not able to generate the packet(s) containing the IP address of either my computer, or my friend's. The logic behind this is that when a display picture is changed, the cache in OUR computer is updated with your buddy's new display picture. This is initiated via a DCC to your computer. By analysing these packets, you're supposed to get the internal and the external IP address of the user. I was not able to generate any such package, anybody use Wireshark here?

Sorry if I bump this, I'm new around here.

So, a way of obtaining an IP (the one I usually end up doing) is getting them to send me an email. Email headers contain a lot of information and within all that is the X-Originating IP where their IPA is found.

If you want to do it on the fly then I'd recommend you to send some random picture, then catch it.

For Windows users, a trick I used to do was I made a batch script that adds binary data to a picture in a continuous loop, extending the filesize as it loops. This has proven a good method for sending "small" pictures but since their size is constantly growing, the download process extends.

The trick here is to send the file and when the contact starts downloading, execute the batch file that adds big blocks of random data to the image. This will give you a bigger window for catching the IPA.

There are really a lot of ways to do a simple task in the computer world, you just have to start from where you are most comfortable with.

Anyone is free to correct anything I have posted... and my English is not perfect. (Not my first language)
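
The post above points out that mail headers can carry the sender's address. As an added example (not part of the thread), this Python script audits a message you have sent to yourself and lists which headers disclose your client address, so you can tell whether your mail provider exposes it. The sample message, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a self-addressed test message as received (documentation addresses).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTP; Thu, 1 Jan 2009 10:00:02 +0000
Received: from [192.168.1.23] (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA; Thu, 1 Jan 2009 10:00:01 +0000
X-Originating-IP: [203.0.113.45]
From: me@example.net
To: me@example.org
Subject: self-test

body
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def addresses(text):
    """Return every syntactically valid IPv4 address found in a header value."""
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
            pass
    return found

def scope(addr):
    """Label an address as an internal (RFC 1918) or external one."""
    return "internal" if any(addr in net for net in RFC1918) else "external"

def audit_headers(raw):
    """List (header, address, scope) for headers that reveal the sending client."""
    msg = message_from_string(raw)
    findings = []
    for value in msg.get_all("X-Originating-IP", []):
        findings += [("X-Originating-IP", str(a), scope(a)) for a in addresses(value)]
    received = msg.get_all("Received", [])
    if received:
        # Each hop prepends its header, so the last one records the first hop (the client).
        findings += [("Received (first hop)", str(a), scope(a))
                     for a in addresses(received[-1])]
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

An empty result for a message sent through your own provider means neither header exposed the client address on that path.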
