Capturing instant messages

Yu-Xi Lim yuxi at ece.gatech.edu
Tue Jul 18 18:22:17 EDT 2006


Nick Vatamaniuc wrote:
> Assuming a one person per one machine per one chat protocol it might be
> possible to recreate the tcp streams (a lot of packet capturing devices
> already do that). So the gateway would have to have some kind of a
> dispatch that would recognize the initialization of a chat logon and
> start a capture process for each such connection. I imagine with a 1000
> employees he will end up with a 1000 processes running at the same
> time. Another way is to capture all the streams at once that deal with
> the chat protocol and ports and then replay them later and somehow
> re-create the tcp streams and chat messages in a cron batch job (at
> night or weekend).

As I said, it's tedious, not impossible. :) The AIM Sniff project (Perl,
not Python) does most of what you describe, but has bugs because of the
approach.

You're also ignoring the fact that each person may chat with more than
one person. Some protocols route all messages through a central server,
making it impossible to use the IP of the other party as a unique
identifier (not that it's a good idea to use the IP anyway, since the
assumption of one unique and consistent IP per person is weak).
Furthermore, you have to deal with failed messages, resends, etc. at the
application layer. And there are also other non-trivial (but thankfully
rarely occurring) issues with TCP stream reconstruction.

Basically, it's looking at the wrong OSI layer. An application layer
protocol is best handled at the application where all the necessary
semantics are easily available. It /is/ a business/organization trying
to conform to SOX, so something as minor as switching and standardizing
IM clients (not necessarily protocols) would be probably the least of
their problems. And probably more manageable than a custom script for a
non-trivial activity.

There are definitely enterprise solutions available. And if you want to
get Python involved in this discussion, consider GAIM, which can be
scripted using Python via a plugin.
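
An added illustration of the central-server and resend points in the message above (not part of the original post, and not code from AIM Sniff or GAIM): the same constructed records grouped first by IP pair, then by application-layer identity. The record fields, the relay address and the per-sender `msg_id` used to spot resends are assumptions about a hypothetical protocol.

```python
from collections import defaultdict

# Constructed sample: messages already decoded from a hypothetical IM protocol
# that relays everything through one central server (all field names assumed).
SERVER = "192.0.2.10"
RECORDS = [
    {"client_ip": "10.0.0.5", "server_ip": SERVER, "sender": "alice",
     "recipient": "bob", "msg_id": 1, "body": "lunch?"},
    {"client_ip": "10.0.0.5", "server_ip": SERVER, "sender": "alice",
     "recipient": "carol", "msg_id": 2, "body": "report ready"},
    # Application-layer resend of the previous message (same sender, same id).
    {"client_ip": "10.0.0.5", "server_ip": SERVER, "sender": "alice",
     "recipient": "carol", "msg_id": 2, "body": "report ready"},
    # Reply relayed by the server to alice's machine.
    {"client_ip": "10.0.0.5", "server_ip": SERVER, "sender": "bob",
     "recipient": "alice", "msg_id": 7, "body": "sure"},
    # alice continues from a different address (new lease, other desk).
    {"client_ip": "10.0.0.9", "server_ip": SERVER, "sender": "alice",
     "recipient": "carol", "msg_id": 3, "body": "sending it now"},
]


def group_by_ip(records):
    """Network-layer view: key each message on the (client, server) IP pair."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["client_ip"], r["server_ip"])].append(r["body"])
    return dict(groups)


def group_by_conversation(records):
    """Application-layer view: key on the pair of screen names, drop resends."""
    seen = set()                      # (sender, msg_id) pairs already logged
    conversations = defaultdict(list)
    for r in records:
        ident = (r["sender"], r["msg_id"])
        if ident in seen:             # resend: log the message only once
            continue
        seen.add(ident)
        parties = frozenset((r["sender"], r["recipient"]))
        conversations[parties].append((r["sender"], r["body"]))
    return dict(conversations)


if __name__ == "__main__":
    for key, bodies in group_by_ip(RECORDS).items():
        print("by IP      ", key, bodies)
    for parties, msgs in group_by_conversation(RECORDS).items():
        print("by identity", sorted(parties), msgs)
```

Keyed on IP, the two conversations from 10.0.0.5 merge into one group, the resend is counted twice, and alice's later message lands in an unrelated group; keyed on screen names with resend suppression, each conversation comes out whole.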


