Snort mailing list archives

Re: AIM decoding


From: JP Vossen <vossenjp () netaxs com>
Date: Thu, 18 Sep 2003 02:12:14 -0400 (EDT)

Date: Wed, 17 Sep 2003 10:09:33 -0400
From: jjhorner () SAFe-mail net
To: erek () snort org
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] AIM decoding

I was actually hoping someone had code that would pull the send/receive
message alerts out of a MySQL database and print out the decoded chat
session.  More specifically, I was hoping for perl.

Max Vision wrote a Perl script called privmsg.pl that "takes the raw binary
log file, extracts the IRC chat sessions, and then converts the data so only
the conversations are displayed," according to page 69 of the HoneyNet book
_Know_Your_Enemy.  I know that's not *exactly* what you want (i.e. IRC v.
AIM), but it's better than nothing.  You can find it here [0].

HTH,
JP

[0] http://www.honeynet.org/papers/honeynet/tools/privmsg
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


