
Wireshark-users: [Wireshark-users] Sniffing AIM traffic

From: "Mike W" <mike.wilhide@xxxxxxxxx>
Date: Wed, 23 May 2007 11:22:52 -0400
I've been playing around with Wireshark recently, attempting to get familiar with the app and with traffic analyzing.  I wanted to see what would happen if I tried sniffing AIM traffic from one of the PCs on my LAN.

When AIM is connecting to the oscar server directly, I'll see no AIM traffic at all.  I sign on/off (I see the HTTP traffic generated by this process, but nothing else), send messages, get buddy info, etc., but Wireshark isn't picking up any AIM packets.  I have the filter set to only view traffic from the host running AIM.  When I route AIM through my Squid proxy, I can see everything as HTTP requests.  I've gone through all my settings, which I haven't changed since installation, and can't see anything wrong with them.

Is there something that I'm missing here?  Am I looking at the wrong traffic?  I've tried with no filters, as well as filtering by port and host.

At first I thought that my NIC wasn't dropping into promiscuous mode properly or something, but I can still see a lot of traffic from other hosts on my network.  I also tried sniffing from my Windows machine using Wireshark, but with the same results.

Any help would be very appreciated.

Thank you.