
Not able to filter YMSG in Wireshark packet sniffer!


Hi there, I want to read the YMSG packets to understand its protocol at different requests from the client, so I tried to use the Wireshark packet sniffer to trace the packets of Yahoo Messenger. Wireshark is tracing the TCP, UDP, HTTPS packets, but I find no YMSG packets in the list even though I am using Yahoo Messenger. Any idea why it isn't working for me?

NOTE: I am using a proxy-enabled network to connect to the internet.

asked 20 Apr '11, 01:55

kiddo

edited 27 Apr '11, 19:25

Bill Meier ♦♦

Any idea why it isn't working for me?

The short answer: no

The longer answer: you'll need to do some digging to see what's going on.

Wireshark has the capability to dissect the YMSG protocol.

It looks for TCP packets which have YMSG as the first 4 bytes of the TCP payload.

(Continued in the next comment)

(27 Apr '11, 19:23) Bill Meier ♦♦

The first thing I would do is to search the capture for the string "YMSG": Wireshark → Edit → Find Packet.

If there are no frames with the string YMSG then there's something fishy about how the capture is being done or with the client. In this case you'd need to describe your [capture] setup:

Are you capturing on the same computer as the YMSG client is being run, etc etc...

If there are packets with the string YMSG (which are not dissected as YMSG) then the question becomes why aren't the packets recognized as YMSG.

So, first: are there any packets with the string YMSG in your capture?

(27 Apr '11, 19:24) Bill Meier ♦♦
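
The two checks described in the comments above (does any TCP payload start with the 4 bytes YMSG, and does the string appear anywhere else in a payload) can also be run offline against a saved capture. The following is an added example, not code from this thread or from Wireshark; it assumes a classic pcap file with Ethernet framing, looks at each TCP segment on its own without reassembly, and uses constructed sample frames (addresses, ports and payload bytes are made up).

```python
import struct

MAGIC = b"YMSG"

def tcp_payload(frame):
    """Return the TCP payload of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4             # skip Ethernet + IPv4 header
    if len(frame) < tcp + 20:
        return None                               # truncated TCP header
    total = struct.unpack("!H", frame[16:18])[0]  # IPv4 total length
    doff = (frame[tcp + 12] >> 4) * 4             # TCP header length
    return frame[tcp + doff:14 + total]           # drops Ethernet padding

def classify(pcap):
    """Return {frame number: 'start' | 'inside'} for frames containing YMSG."""
    # Classic pcap magic only; pcapng or nanosecond files raise KeyError.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, pos, num = {}, 24, 0
    while pos + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame, pos, num = pcap[pos + 16:pos + 16 + incl], pos + 16 + incl, num + 1
        data = tcp_payload(frame)
        if data and MAGIC in data:
            # 'start': YMSG is the first 4 bytes; 'inside': string is elsewhere
            hits[num] = "start" if data.startswith(MAGIC) else "inside"
    return hits

def build_frame(payload):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame, checksums zeroed."""
    tcp = struct.pack("!HHIIBBHHH", 50000, 5050, 0, 0, 5 << 4, 0x18,
                      8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = build_pcap([                              # constructed capture
    build_frame(MAGIC + b"\x00" * 16),             # YMSG at payload start
    build_frame(b"POST http://chat.example/ HTTP/1.1\r\n\r\n" + MAGIC),
    build_frame(b"GET / HTTP/1.1\r\n\r\n")])       # no YMSG at all

if __name__ == "__main__":
    print(classify(SAMPLE))
```

An empty result corresponds to the "no frames with the string YMSG" case; frames reported as `inside` are the ones that contain the string but do not have it as the first 4 bytes of the TCP payload.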