[Snort-users] AIM decoding

JP Vossen vossenjp at ...8683...
Wed Sep 17 23:13:06 EDT 2003


> Date: Wed, 17 Sep 2003 10:09:33 -0400
> From: jjhorner at ...9914...
> To: erek at ...950...
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] AIM decoding
>
> I was actually hoping someone had code that would pull the send/receive
> message alerts out of a MySQL database and print out the decoded chat
> session.  More specifically, I was hoping for perl.

Max Vision wrote a Perl script called privmsg.pl that "takes the raw binary
log file, extracts the IRC chat sessions, and then converts the data so only
the conversations are displayed," according to page 69 of the HoneyNet book
_Know_Your_Enemy_.  I know that's not *exactly* what you want (i.e. IRC v.
AIM), but it's better than nothing.  You can find it here [0].

HTH,
JP

[0] http://www.honeynet.org/papers/honeynet/tools/privmsg
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?




