[Snort-users] OT: Recording IM sessions

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Wed Jun 22 06:58:28 EDT 2005


--On 21 June 2005 16:21 -0700 Chris Lyon <cslyon at ...11827...> wrote:

> This might be a little off topic but we have gotten a few alerts, from
> snort, for people saying things they should not be saying on the
> internet. The problem is, it is a little hard to put the conversation
> back to together and I was wondering if there is a program that is out
> there that will put together IM sessions for me. Any ideas or
> feedback?

Use snort's session tagging on IM rules, log via FLoP, and reassemble 
sessions from the database using FLoP's 'getpacket'. Load the file into 
ethereal, and 'follow TCP stream'.

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list