I want to keep records of IM conversations for a couple thousand accounts and am having trouble finding a clean way to do it. This is with the free instant messenger that comes with exchange. Obviously the proper solution is to upgrade these users to Live or another real IM system, but the business doesn't see this as a huge risk so I am stuck with a low budget (probably couldn't get away with spending more than 50k) solution.
Right now I have a hastily thrown together set of scripts working with ngrep on a linux box, which is sniffing off of the wire. It works, but it's dirty. The protocol spec is undocumented, and I'm afraid that my parsing code will fail in exceptional cases. I also cannot reconstruct files sent.
Does anyone know of any free or cheap (under 50k) solutions for monitoring IM conversations (for MS messenger)? Extra bonus if it can reconstruct files sent. I have tried several IM sniffers, but haven't found one able to log MS messenger.
Thanks.
Sniffing/Logging Microsoft Instant Messenger (Exchange)
Started by
xyzzy
, Sep 27 2007 03:58 PM
6 replies to this topic
#2
SynAck666
-
- Members
-
- 41 posts
DDP Fan club member
- Location: UK
Posted 08 October 2007 - 03:35 PM
Does Ettercap do MSN traffic?
#3
xyzzy
-
- Members
-
- 25 posts
SCRiPT KiDDie
- Location:USA
Posted 08 October 2007 - 03:42 PM
It's not MSN, it's Microsoft Instant Messenger.
And I think that my current solution (with ngrep and perl scripts) is as stable as ettercap and makes better logging (for my purposes -- to extract IM conversations in a format such that lawyers can read them) than what ettercap would give me.
Thanks for responding! I thought this thread was dead-in-the-water.
And I think that my current solution (with ngrep and perl scripts) is as stable as ettercap and makes better logging (for my purposes -- to extract IM conversations in a format such that lawyers can read them) than what ettercap would give me.
Thanks for responding! I thought this thread was dead-in-the-water.
#4
LUCKY_FUCKIN_CHARMS
-
- Members
-
- 1,493 posts
TCP/IP....PI/MP
- Gender:Male
- Location:Las Vegas
Posted 08 October 2007 - 03:54 PM
netresident
#5
xyzzy
-
- Members
-
- 25 posts
SCRiPT KiDDie
- Location:USA
Posted 08 October 2007 - 04:00 PM
you are on my cool guy list vector
edit: only works for MSN, not exchange IM unfortunately. But you're still on my cool guy list.
edit: only works for MSN, not exchange IM unfortunately. But you're still on my cool guy list.
Edited by xyzzy, 08 October 2007 - 04:09 PM.
#6
Lord Wud
-
- Members
-
- 423 posts
SUPR3M3 31337 Mack Daddy P1MP
- Location:New Jersey
Posted 08 October 2007 - 08:24 PM
at my office we use microsoft office communicator with an lcs server that just logs everything. Unfortunately i would not recommend it as it is the worst IM client I have ever used. Plus the management of it is half command line and half gui which adds up to a pain in my whole ass. I dont have any good solutions, just stay away from that one if someone brings it up.
#7
xyzzy
-
- Members
-
- 25 posts
SCRiPT KiDDie
- Location:USA
Posted 08 October 2007 - 09:03 PM
We're not changing IM platforms, I just need to find a way to monitor the one we have.
BinRev is hosted by the great people at Lunarpages!
