-
Notifications
You must be signed in to change notification settings - Fork 0
joninvski/imsniff
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
IMsnif, by Carlos Fernandez, carlos.fernandez.sanz@gmail.com ------------------------------------------------------------ DESCRIPTION ----------- IMsnif is a simple program to log Instant Message activity on the network. It uses libpcap to capture packets and analyzes them, logging conversation, contact lists, etc. RUNNING (LINUX) --------------- You can configure it via command line parameters or via a file called imsniff.conf either in the current directory or in /etc. If for some reason you rename the IMsniff execute, you need to rename the config file as well. A sample imsniff.conf.sample file is included. The only required parameter is the interface name to listen to. This can be any interface that libpcap supports, such as imsnif eth0 If you use a non-ethernet interface, please read the data offset section below. For users connecting after IMsnif starts running you can get pretty good results, including complete contact lists and events (display name change, for example). For users already connected you will be able to get the conversations, which is not bad, but you will miss other stuff. OTHER PARAMETERS ---------------- command line config file Description ------------------------------------------------------------ -cd chatdir Directory where conversations will be stored. -dd debugdir Directory where logs will be stored. These logs contain debug information as well as certain MSN events. -v* verbose Debug level. The more v's (or higher the number in the config file), the more info that is dumped. For regular usage, use 1 or 2. More than that will dump a lot of useless stuff. -p promisc Put the device in promiscuous mode. -d daemonize Become a daemon. -offset data_offset See below. -help N/A Display help. With no prefix interface Interface to use. DATA OFFSET ----------- The offset (in this context) is the length of the datalink header when capturing packets. This is an important number because we need to skip this header when processing packets. For ethernet, this number is 14, and IMsniff knows about it. If you use a different interface, you might have to help IMsniff by providing the number yourself. Por example: imniff ppp0 -offset 4 How do you figure out this number? The easiest way is just try different numbers (and keep your own MSN connection busy (type something) until IMsniff starts dumping conversations. The number is never high anyway. A few tries should always do. If you have to use this, once it's working please drop me a note telling me what interface type IMsnif reported, and the offset you used. I will add this to the code so next versions don't have to be tuned manually. RUNNING (WINDOWS) ----------------- Everything is like linux, except: - Instead of a device NAME you need to enter a device NUMBER. This is because device names in Windows are pretty much unreadable. In order to get the number, run the program with -list just once, i.e. imsniff -list You will get a list of available devices, with a number, a name (you will see why we don't want to use this), and a description. Just choose the correct number, and use it, like this: imsniff 2 - There is no deaemon mode. If someone bothers to make imsniff a service, please send me the patches. In the meantime, it's just console mode. STATUS ------ Beta version. Seems to work decently. SUPPORTED PROTOCOLS ------------------- For now, only MSN. Others could follow. REQUIREMENTS ------------ libpcab or winpcap.
About
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published