Capturing instant messages
Ed Leafe
ed at leafe.com
Tue Jul 18 08:26:49 EDT 2006
On Jul 18, 2006, at 7:36 AM, Nick Vatamaniuc wrote:
> It depends on what IM protocol the company is using. If there is more
> than one, your job might end up being quite complicated. You indicated
> port 5190 in your post, does it mean that the company is using only
> AOL IM?
Yes, they've told me that the users routinely use AIM to contact
clients and each other. I don't believe that their firewalls permit
other IM protocols.
> 1) As far as capturing the traffic, I would use a specific tool like
> tcpick ( a cousin of tcpdump but actually dumps the data to console
> not just the headers and recreates the tcp streams -- good stuff!). Again
> if you know the exact port number and the exact protocol this might be
> very easy because you will set up your capturing program to capture
> traffic from only 1 port.
Thanks; I'll have to play around with tcpick today.
> 2) The decoding will depend on your protocol, if you have more than one
> IM protocol then the capture idea from above won't work too well, you
> will have to capture all the traffic then decode each stream, for each
> side, for each protocol.
I guess I'll have to start googling for AIM decoding information.
> 3) Recording or replay is easy. Save to files or dump to a MySQL table
> indexed by user id, timestamp, IP etc. Because of buffering issues you
> will probably not get a very accurate real-time monitoring system with
> this setup.
They aren't interested in real-time monitoring; their main concern
is Sarb-ox compliance.
Thanks for your help!
-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com