tcpdump/snort to capture chat sessions
Bill Moran
wmoran at collaborativefusion.com
Wed Jun 11 20:42:23 UTC 2008
In response to Tom Judge <tom at tomjudge.com>:
> Bill Moran wrote:
> > In response to R J <rjohanne at wnk.hamline.edu>:
> >
> >> I am trying to use tcpdump (or snort, but they are both behaving the same
> >> in this case) to capture all the lines or contents of an MSN
> >> chat session, the actual conversation. I am getting partial output; i.e.,
> >> I'll only get half of a sentence, and I don't see the rest of the lines.
> >> And of course, a lot of it seems to be hex or obfuscated html?
> >>
> >> What switches do I need to capture the entire lines of text?
> >
> > Don't know about snort, but with tcpdump use -s0
> >
> This is a good start; however, you are not guaranteed to see the whole
> chat message in a single TCP packet. If you are looking for something
> more advanced you will have to write a program around pcap/bpf or
> similar to read the TCP stream.

He could use Wireshark.
--
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/
wmoran at collaborativefusion.com
Phone: 412-422-3463x4023
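
Added example (not part of the original thread, and not code from any poster): a minimal sketch of the stream reassembly Tom describes, showing why a message split across TCP segments has to be stitched together by sequence number, and what a short snaplen (the reason for -s0) does to the result. The function names, the (seq, wire_len, captured) tuple layout and all sample values are assumptions constructed for illustration; truncation is modelled on the payload only.

```python
# Added example: reassemble one direction of a TCP stream from captured segments.
# All segment values are constructed sample data, not from a real capture.

MESSAGE = b"did you get the report I sent this morning?"
FIRST_SEQ = 0xFFFFFFF0  # chosen so the 32-bit sequence number wraps mid-message


def seg(offset, payload, snap=None):
    """Build a constructed (seq, wire_len, captured) tuple; snap mimics a short snaplen."""
    return ((FIRST_SEQ + offset) & 0xFFFFFFFF, len(payload), payload[:snap])


def reassemble(segments, first_seq):
    """Order payload bytes by sequence number; return (stream, gaps).

    gaps is a list of (offset, length) ranges that were on the wire but were
    never captured; those bytes are shown as '?' in the returned stream.
    """
    seen = {}  # stream offset -> byte value
    end = 0
    for seq, wire_len, captured in segments:
        off = (seq - first_seq) & 0xFFFFFFFF       # relative offset, wrap-safe
        end = max(end, off + wire_len)
        for i, b in enumerate(captured):
            seen.setdefault(off + i, b)            # first copy wins on retransmit
    out, gaps = bytearray(), []
    for pos in range(end):
        if pos in seen:
            out.append(seen[pos])
            continue
        out.append(ord("?"))
        if gaps and sum(gaps[-1]) == pos:          # extend the current gap
            gaps[-1] = (gaps[-1][0], gaps[-1][1] + 1)
        else:
            gaps.append((pos, 1))
    return bytes(out), gaps


PARTS = [(0, MESSAGE[:16]), (16, MESSAGE[16:30]), (30, MESSAGE[30:])]
# Full capture: segments arrive out of order and one is retransmitted.
FULL = [seg(*PARTS[1]), seg(*PARTS[0]), seg(*PARTS[1]), seg(*PARTS[2])]
# Same traffic with only 8 payload bytes kept per packet (short snaplen).
TRUNCATED = [seg(off, data, snap=8) for off, data in PARTS]

if __name__ == "__main__":
    print(reassemble(FULL, FIRST_SEQ))
    print(reassemble(TRUNCATED, FIRST_SEQ))
```

With full packets the out-of-order and duplicate segments still yield the complete line; with truncated packets the reassembler can only report which byte ranges are missing.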
More information about the freebsd-net mailing list