[Snort-users] IM Logging - How to?
albert.gonzalez at ...7950...
Fri Jan 17 10:39:02 EST 2003
I suggest Ethereal; you can pass it some BPF filters to
concentrate on exactly what you want to sniff. I have used
it to sniff port 5190 and see what AIM traffic is being sent
on my network.
From: Mike Shaw [mailto:mshaw at ...3165...]
Sent: Friday, January 17, 2003 1:26 PM
To: Matt Yackley; 'Angel Gabriel'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] IM Logging - How to?
At 11:44 AM 1/17/2003 -0600, Matt Yackley wrote:
>I believe that there is an IM capture util included with dsniff
>http://naughty.monkey.org/~dugsong/dsniff/ called msgsnarf, but since this
>package is a bit old I don't know how well it would work.
I haven't had much luck with msgsnarf. It seems the products and protocols
might have changed since then.
I've used ngrep to snag IM transactions before. I think AIM is port
5190. MSN is a different port (can't remember).
IIRC, Yahoo's messenger uses HTTP and is much harder to track states,
etc. Maybe someone else has had better luck.