Save the snort logs, import into ethereal. Works well...t

On Wed, 6 Feb 2002, Mark Ng wrote:
> Perhaps you could use tcpdump to log all AIM packets and then use ethereal
> to reassemble the tcp streams? I've reassembled irc conversations this way
> pretty painlessly.
>
> -----Original Message-----
> From: Keith T. Morgan [mailto:[EMAIL PROTECTED]]
> Sent: 05 February 2002 20:05
> To: d'Ambly, Jeff
> Cc: [EMAIL PROTECTED]
> Subject: RE: AIM
>
>
> I've done this crudely using snort, some long arguments, selective ports, and
> piping it through strings. It let you see what was going on, but it wasn't
> pretty.
>
> -----Original Message-----
> From: d'Ambly, Jeff [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 04, 2002 2:22 PM
> To: '[EMAIL PROTECTED]'
> Subject: AIM
>
>
> My boss asked me the other day if we could log AOL instant messenger
> conversations, I know of course this can be done with any sniffer but I was
> wondering if there was a quick and easy way to do this. I was thinking
> perhaps I could use snort, but how could I reassemble the conversations? I
> would not like to spend all my time gathering and sorting all this info. Has
> anyone tried this before and if so how well did it work?
>