On Jul 18, 2006, at 7:36 AM, Nick Vatamaniuc wrote:

> It depends on what IM protocol the company is using. If there is more
> than one, your job might end up being quite complicated. You indicated
> port 5190 in your post, does it mean that the company is using only AOL
> IM?

Yes, they've told me that the users routinely use AIM to contact clients and each other. I don't believe that their firewalls permit other IM protocols.

> 1) As far as capturing the traffic, I would use a specific tool like
> tcpick ( a cousin of tcpdump but actually dumps the data to console not
> just the headers and recreates the tcp streams -- good stuff!). Again
> if you know the exact port number and the exact protocol this might be
> very easy because you will set up your capturing program to capture
> traffic from only 1 port.

Thanks; I'll have to play around with tcpick today.

> 2) The decoding will depend on your protocol, if you have more than one
> IM protocol then the capture idea from above won't work too well, you
> will have to capture all the traffic then decode each stream, for each
> side, for each protocol.

I guess I'll have to start googling for AIM decoding information.

> 3) Recording or replay is easy. Save to files or dump to a MySQL table
> indexed by user id, timestamp, IP etc. Because of buffering issues you
> will probably not get a very accurate real-time monitoring system with
> this setup.

They aren't interested in real-time monitoring; their main concern is Sarb-ox compliance.

Thanks for your help!

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
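
The archive described in point 3, sketched as an added example that is not part of the original thread: a table indexed by user id, timestamp and IP, plus a hash chain so that later edits to stored messages are detectable. It assumes `sqlite3` standing in for MySQL, and the table name, column names, hash chain and sample rows are all constructed for illustration.

```python
import hashlib, json, sqlite3   # sqlite3 stands in for MySQL (assumption)

GENESIS = "0" * 64              # chain value before the first row
SCHEMA = """
CREATE TABLE im_log (
    id      INTEGER PRIMARY KEY,
    ts      REAL NOT NULL,   -- capture time, epoch seconds
    user_id TEXT NOT NULL,   -- local screen name
    src_ip  TEXT NOT NULL,
    dst_ip  TEXT NOT NULL,
    body    TEXT NOT NULL,   -- decoded message text
    chain   TEXT NOT NULL     -- SHA-256 over previous chain value + this row
);
CREATE INDEX im_log_user_ts ON im_log (user_id, ts);
CREATE INDEX im_log_src_ip ON im_log (src_ip);
"""
COLS = "ts, user_id, src_ip, dst_ip, body"

def link(prev, row):
    # JSON-encode the fields so field boundaries cannot be shifted unnoticed.
    return hashlib.sha256(json.dumps([prev, *row]).encode()).hexdigest()

def record(db, ts, user_id, src_ip, dst_ip, body):
    row = (float(ts), user_id, src_ip, dst_ip, body)  # float: matches REAL on read-back
    last = db.execute("SELECT chain FROM im_log ORDER BY id DESC LIMIT 1").fetchone()
    chain = link(last[0] if last else GENESIS, row)
    db.execute(f"INSERT INTO im_log ({COLS}, chain) VALUES (?,?,?,?,?,?)", (*row, chain))
    db.commit()

def verify(db):
    """Return the id of the first row that fails the chain check, or None."""
    prev = GENESIS
    for rid, *row, chain in db.execute(f"SELECT id, {COLS}, chain FROM im_log ORDER BY id"):
        if link(prev, row) != chain:
            return rid
        prev = chain
    return None

def messages_for(db, user_id, start, end):
    q = f"SELECT {COLS} FROM im_log WHERE user_id = ? AND ts BETWEEN ? AND ? ORDER BY ts"
    return db.execute(q, (user_id, start, end)).fetchall()

SAMPLE = [  # constructed rows, not real traffic
    (1153222560.0, "alice_example", "192.0.2.10", "198.51.100.7", "Quote sent to client"),
    (1153222575.5, "bob_example", "192.0.2.11", "198.51.100.7", "Lunch at noon?"),
    (1153222590.0, "alice_example", "192.0.2.10", "198.51.100.7", "Client confirmed the order"),
]

def build_sample():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for row in SAMPLE:
        record(db, *row)
    return db
```

The chain catches in-place edits to stored rows; detecting a truncated tail or a fully recomputed chain needs the latest chain value kept somewhere outside the database.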