xyzzy

Sniffing/Logging Microsoft Instant Messenger (Exchange)

6 posts in this topic

I want to keep records of IM conversations for a couple thousand accounts and am having trouble finding a clean way to do it. This is with the free instant messenger that comes with Exchange. Obviously the proper solution is to upgrade these users to Live or another real IM system, but the business doesn't see this as a huge risk so I am stuck with a low budget (probably couldn't get away with spending more than 50k) solution.

Right now I have a hastily thrown together set of scripts working with ngrep on a Linux box, which is sniffing off of the wire. It works, but it's dirty. The protocol spec is undocumented, and I'm afraid that my parsing code will fail in exceptional cases. I also cannot reconstruct files sent.

Does anyone know of any free or cheap (under 50k) solutions for monitoring IM conversations (for MS messenger)? Extra bonus if it can reconstruct files sent. I have tried several IM sniffers, but haven't found one able to log MS messenger.

Thanks.


It's not MSN, it's Microsoft Instant Messenger.

And I think that my current solution (with ngrep and perl scripts) is as stable as ettercap and makes better logging (for my purposes -- to extract IM conversations in a format such that lawyers can read them) than what ettercap would give me.

Thanks for responding! I thought this thread was dead in the water.


You are on my cool guy list, vector.

Edit: only works for MSN, not Exchange IM unfortunately. But you're still on my cool guy list.

Edited by xyzzy

At my office we use Microsoft Office Communicator with an LCS server that just logs everything. Unfortunately I would not recommend it, as it is the worst IM client I have ever used. Plus the management of it is half command line and half GUI, which adds up to a pain in my whole ass. I don't have any good solutions; just stay away from that one if someone brings it up.


We're not changing IM platforms, I just need to find a way to monitor the one we have.
