joninvski/imsniff
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
IMsnif, by Carlos Fernandez, carlos.fernandez.sanz@gmail.com
------------------------------------------------------------
DESCRIPTION
-----------
IMsnif is a simple program to log Instant Message activity
on the network. It uses libpcap to capture packets and
analyzes them, logging conversation, contact lists, etc.
RUNNING (LINUX)
---------------
You can configure it via command line parameters or via a
file called imsniff.conf either in the current directory
or in /etc. If for some reason you rename the IMsniff
execute, you need to rename the config file as well.
A sample imsniff.conf.sample file is included.
The only required parameter is the interface name to listen
to. This can be any interface that libpcap supports, such
as
imsnif eth0
If you use a non-ethernet interface, please read the data
offset section below.
For users connecting after IMsnif starts running you can get
pretty good results, including complete contact lists and
events (display name change, for example). For users already
connected you will be able to get the conversations, which is
not bad, but you will miss other stuff.
OTHER PARAMETERS
----------------
command line config file Description
------------------------------------------------------------
-cd chatdir Directory where conversations
will be stored.
-dd debugdir Directory where logs will be
stored. These logs contain
debug information as well
as certain MSN events.
-v* verbose Debug level. The more v's
(or higher the number in the
config file), the more info
that is dumped. For regular
usage, use 1 or 2. More than
that will dump a lot of useless
stuff.
-p promisc Put the device in promiscuous
mode.
-d daemonize Become a daemon.
-offset data_offset See below.
-help N/A Display help.
With no prefix interface Interface to use.
DATA OFFSET
-----------
The offset (in this context) is the length of the datalink header
when capturing packets. This is an important number because we
need to skip this header when processing packets. For ethernet,
this number is 14, and IMsniff knows about it. If you use a different
interface, you might have to help IMsniff by providing the number
yourself. Por example:
imniff ppp0 -offset 4
How do you figure out this number? The easiest way is just try
different numbers (and keep your own MSN connection busy (type something)
until IMsniff starts dumping conversations. The number is never high
anyway. A few tries should always do.
If you have to use this, once it's working please drop me a note telling
me what interface type IMsnif reported, and the offset you used. I will
add this to the code so next versions don't have to be tuned manually.
RUNNING (WINDOWS)
-----------------
Everything is like linux, except:
- Instead of a device NAME you need to enter a device NUMBER. This is
because device names in Windows are pretty much unreadable. In order
to get the number, run the program with -list just once, i.e.
imsniff -list
You will get a list of available devices, with a number, a name (you
will see why we don't want to use this), and a description. Just
choose the correct number, and use it, like this:
imsniff 2
- There is no deaemon mode. If someone bothers to make imsniff a service,
please send me the patches. In the meantime, it's just console mode.
STATUS
------
Beta version. Seems to work decently.
SUPPORTED PROTOCOLS
-------------------
For now, only MSN. Others could follow.
REQUIREMENTS
------------
libpcab or winpcap.
About
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published