This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 2 and 3
Revision 2 as of 2005-09-07 17:41:19
Size: 2995
Editor: MikeDuigou
Comment:
Revision 3 as of 2006-06-05 03:19:17
Size: 3000
Editor: localhost
Comment:
Deletions are marked like this. Additions are marked like this.
Line 20: Line 20:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 22: Line 22:
== Ethereal == == Wireshark ==
Line 24: Line 24:
The IRC dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Ethereal features where appropriate, like special statistics of this protocol. The IRC dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol.
Line 32: Line 32:
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically. XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 37: Line 37:
A complete list of IRC display filter fields can be found in the [http://www.ethereal.com/docs/dfref/i/irc.html display filter reference] A complete list of IRC display filter fields can be found in the [http://www.wireshark.org/docs/dfref/i/irc.html display filter reference]

Internet Relay Chat (IRC)

(from [http://www.ietf.org/rfc/rfc1459.txt RFC 1459]) The IRC (Internet Relay Chat) protocol has been designed over a number of years for use with text based conferencing.

The IRC protocol has been developed on systems using the TCP/IP network protocol, although there is no requirement that this remain the only sphere in which it operates.

IRC itself is a teleconferencing system, which (through the use of the client-server model) is well-suited to running on many machines in a distributed fashion. A typical setup involves a single process (the server) forming a central point for clients (or other servers) to connect to, performing the required message delivery/multiplexing and other functions.

History

The IRC protocol began development in 1989 and was first implemented as a means for users on a BBS to chat amongst themselves. Now it supports a large number of world-wide network sof servers and clients, and is stringing to cope with growth. The average number of users connected to IRC networks has continuously grown since 1989 at an alarming rate.

Protocol dependencies

  • ["TCP"]: Typically, IRC uses ["TCP"] as its transport protocol. The well known TCP port for IRC traffic is 6667.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The IRC dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol.

Preference Settings

(XXX add links to preference settings affecting how IRC is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

  • attachment:SampleCaptures/irc.pcap

Display Filter

A complete list of IRC display filter fields can be found in the [http://www.wireshark.org/docs/dfref/i/irc.html display filter reference]

  • Show only the IRC based traffic:

     irc 

Capture Filter

You cannot directly filter IRC protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the IRC traffic over the default port (6667):

     tcp port 6667 

Discussion

IRC (last edited 2008-04-12 17:50:23 by localhost)