Nick Vatamaniuc wrote: > Assuming a one person per one machine per one chat protocol it might be > possible to recreate the tcp streams (a lot of packet capturing devices > already do that). So the gateway would have to have some kind of a > dispatch that would recognize the initialization of a chat loggon and > start a capture process for each such connection. I imagine with a 1000 > employess he will end up with a 1000 processes running at the same > time. Another way is to capture all the streams at once that deal with > the chat protocol and ports and then replay them later and somehow > cre-create the tcp streams and chat messages in a cron batch job (at > night or weekend).
As I said, it's tedious, not impossible. :) The AIM Sniff project (perl, not Python) does most of what you describe, but has bugs because of the approach. You're also ignoring the fact that each person may chat with more than one person. Some protocols route all messages through a central server, making it impossible to use the IP of the other party as a unique identifier (not that it's a good idea to use the IP anyway, since the assumption of one unique and consistent IP per person is weak). Furthermore, you have to deal with failed messages, resends, etc at the application layer. And there are also other non-trivial (but thankfully rarely occurring) issues with TCP stream reconstruction. Basically, it's looking at the wrong OSI layer. An application layer protocol is best handled at the application where all the necessary semantics are easily available. It /is/ an business/organization trying to conform to SOX, so something as minor as switching and standardizing IM clients (not necessarily protocols) would be probably the least of their problems. And probably more manageable than a custom script for a non-trivial activity. There are definitely enterprise solutions available. And if you want to get Python involved in this discussion, consider GAIM, which can be scripted using Python via a plugin. -- http://mail.python.org/mailman/listinfo/python-list