Wireshark-users: [Wireshark-users] Sniffing AIM traffic
I've been playing around with Wireshark recently, attempting to get familiar with the app and with traffic analyzing. I wanted to see what would happen if I tried sniffing AIM traffic from one of the PCs on my LAN.
When AIM is connecting to the oscar server directly, I'll see no AIM traffic at all. I sign on/off (I see the HTTP traffic generated by this process, but nothing else), send messages, get buddy info, etc. but Wireshark isn't picking up any AIM packets. I have the filter set to only view traffic from the host running AIM. When I route AIM through my Squid proxy, I can see everything as HTTP requests. I've gone through all my settings, which I haven't changed since installation, and can't see anything wrong with them.
Is there something that I'm missing here? Am I looking at the wrong traffic? I've tried with no filters, as well as filtering by port and host.
At first I thought that my NIC wasn't dropping into promiscuous mode properly or something, but I can still seea lot of traffic from other hosts on my network. I also tried sniffing from my windows machine using Wireshark, but with the same results.
Any help would be very appreciated.
Thank you.
