[Snort-users] AIM decoding

JJ jjhorner at ...9914...
Wed Sep 17 07:10:11 EDT 2003


I was actually hoping someone had code that would pull the send/receive message alerts out of a MySQL database and print out the decoded chat session.  More specifically, I was hoping for Perl.

At any rate, I will probably code something up that will pull the chat sessions, by date and IP, out of the MySQL server for use in waste, fraud and abuse (WFA) cases.

If anyone knows something that does this, please let me know.

JJ

---------------------
J. J. Horner
CISSP,CCNA,CHSS,CHP

-------- Original Message --------
From: Erek Adams <erek at ...950...>
To: "JJ" <jjhorner at ...9914...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] AIM decoding
Date: Wed, 17 Sep 2003 10:00:24 -0400 (EDT)

> On Wed, 17 Sep 2003, JJ wrote:
> 
> > I'm working on decoding all of the AIM messages my snort box captures.
> >
> > I can pull out the text using some pretty low-tech means, but I'd like
> > to know if someone else has written an AIM decoder which will decode the
> > data from CHAT AIM send message and CHAT AIM receive message alerts and
> > be able to tell who said what, to whom, and when.
> >
> > Has anyone gotten code like this working yet?
> 
> Yep.  A few years ago.
> 
> > I hope I don't have to start sniffing through the Net::AIM module. . .
> 
> http://monkey.org/~dugsong/dsniff/
> 
> -----
> Erek Adams
> 
>    "When things get weird, the weird turn pro."   H.S. Thompson




