Sniffing/Logging Microsoft Instant Messenger (Exchange)
Posted 27 September 2007 - 03:58 PM
Right now I have a hastily thrown together set of scripts working with ngrep on a linux box, which is sniffing off of the wire. It works, but it's dirty. The protocol spec is undocumented, and I'm afraid that my parsing code will fail in exceptional cases. I also cannot reconstruct files sent.
Does anyone know of any free or cheap (under 50k) solutions for monitoring IM conversations (for MS messenger)? Extra bonus if it can reconstruct files sent. I have tried several IM sniffers, but haven't found one able to log MS messenger.
Posted 08 October 2007 - 03:42 PM
And I think that my current solution (with ngrep and perl scripts) is as stable as ettercap and makes better logging (for my purposes -- to extract IM conversations in a format such that lawyers can read them) than what ettercap would give me.
Thanks for responding! I thought this thread was dead-in-the-water.
Posted 08 October 2007 - 04:00 PM
edit: only works for MSN, not exchange IM unfortunately. But you're still on my cool guy list.
Edited by xyzzy, 08 October 2007 - 04:09 PM.
Posted 08 October 2007 - 08:24 PM
Posted 08 October 2007 - 09:03 PM
BinRev is hosted by the great people at Lunarpages!