Re: tcpdump/snort to capture chat sessions
- To: Bill Moran <wmoran_(_at_)_collaborativefusion_(_dot_)_com>
- Subject: Re: tcpdump/snort to capture chat sessions
- From: Tom Judge <tom_(_at_)_tomjudge_(_dot_)_com>
- Date: Wed, 11 Jun 2008 15:01:48 -0500
- Cc: R J <rjohanne_(_at_)_wnk_(_dot_)_hamline_(_dot_)_edu>, freebsd-net_(_at_)_freebsd_(_dot_)_org
Bill Moran wrote:
> In response to R J <rjohanne_(_at_)_wnk_(_dot_)_hamline_(_dot_)_edu>:
>> I am trying to use tcpdump (or snort, but they are both behaving the same
>> in this case) to capture all the lines or contents of an msn
>> chat session, the actual conversation. I am getting partial output; i.e.,
>> I'll only get half of a sentence, and I don't see the rest of the lines.
>> And of course, a lot of it seems to be hex or obfuscated html?
>> What switches do I need to capture the entire lines of text?
>
> Don't know about snort, but with tcpdump use -s0

This is a good start; however, you are not guaranteed to see the whole
chat message in a single TCP packet. If you are looking for something
more advanced you will have to write a program around pcap/bpf or
similar to read the TCP stream.
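
The point about reading the TCP stream, as an added example that is not part of the original thread: even with full packets captured (-s0), one message can span several TCP segments, so payloads have to be ordered by sequence number before lines are read. The function names and the (seq, payload) input shape are assumptions, and the sample segments are constructed.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def reassemble(segments, isn):
    """Rebuild one direction of a TCP flow.

    segments: (seq, payload) pairs as captured (any order, may repeat).
    isn: sequence number of the first payload byte.
    Returns (stream, complete); complete is False if a hole stopped reassembly.
    """
    pending = {}
    for seq, payload in segments:
        off = (seq - isn) % MOD  # offset into the stream, wrap-safe
        if len(payload) > len(pending.get(off, b"")):
            pending[off] = payload  # keep the longest copy (retransmissions)
    stream = bytearray()
    for off in sorted(pending):
        if off > len(stream):
            return bytes(stream), False  # segment missing from the capture
        stream += pending[off][len(stream) - off:]  # skip overlapping bytes
    return bytes(stream), True


def complete_lines(stream):
    """Split on CRLF; the last element is a partial line still awaiting data."""
    *lines, partial = stream.split(b"\r\n")
    return lines, partial


# Constructed sample: CRLF-terminated text split across three segments,
# delivered out of order with one retransmission. Not real MSN framing.
ISN = 0xFFFFFFF0
P1, P2, P3 = b"hello, are you com", b"ing to the meeting?\r\nsee ", b"you at 3\r\n"
SEGMENTS = [
    ((ISN + len(P1)) % MOD, P2),            # arrives before P1; seq has wrapped
    (ISN, P1),
    (ISN, P1),                              # retransmission
    ((ISN + len(P1) + len(P2)) % MOD, P3),
]

if __name__ == "__main__":
    stream, complete = reassemble(SEGMENTS, ISN)
    print(complete, complete_lines(stream))
```

Reading any single payload here gives half a sentence; only the reassembled stream yields whole lines, and a dropped segment is reported as an incomplete stream rather than silently joined.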