[Snort-users] IM Logging - How to?
mshaw at ...3165...
Fri Jan 17 10:27:03 EST 2003
At 11:44 AM 1/17/2003 -0600, Matt Yackley wrote:
>I believe that there is an IM capture util included with dsniff
>http://naughty.monkey.org/~dugsong/dsniff/ called msgsnarf, but since this
>package is a bit old I don't know how well it would work.

I haven't had much luck with msgsnarf. It seems the products and protocols
might have changed since then.

I've used ngrep to snag IM transactions before. I think AIM is port
5190. MSN is a different port (can't remember).

IIRC, Yahoo's messenger uses HTTP and is much harder to track states,
etc. Maybe someone else has had better luck.