Snort mailing list archives
RE: IM Logging - How to?
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Fri, 17 Jan 2003 13:38:10 -0500
I suggest ethereal, you can pass it some BPF filters to concentrate on exactly what you want to sniff. I have used it to sniff port 5190 and see what AIM traffic is being sent on my network. -----Original Message----- From: Mike Shaw [mailto:mshaw () wwisp com] Sent: Friday, January 17, 2003 1:26 PM To: Matt Yackley; 'Angel Gabriel'; snort-users () lists sourceforge net Subject: RE: [Snort-users] IM Logging - How to? At 11:44 AM 1/17/2003 -0600, Matt Yackley wrote:
I believe that there is an IM capture util included with dsniff http://naughty.monkey.org/~dugsong/dsniff/ called msgsnarf, but since this package is a bit old I don't know how well it would work. Matt
I haven't had much luck with msgsnarf. It seems the products and protocols might have changed since then. I've used ngrep to snag IM transactions before. I think AIM is port 5190. MSN is a different port (can't remember). IIRC, yahoo's messenger uses http and is much harder to track states, etc. Maybe someone else has had better luck. -Mike ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: IM Logging - How to? Matt Yackley (Jan 17)
- RE: IM Logging - How to? Mike Shaw (Jan 17)
- Re: IM Logging - How to? Ricardo LondoƱo (Jan 17)
- <Possible follow-ups>
- RE: IM Logging - How to? Gonzalez, Albert (Jan 17)
- RE: IM Logging - How to? Khera, Manish (US - New York) (Jan 17)
- RE: IM Logging - How to? Mike Shaw (Jan 17)