Re: tcpdump/snort to capture chat sessions

[Tom Judge <tom_(_at_)_tomjudge_(_dot_)_com>]

Bill Moran wrote:
> In response to R J <rjohanne_(_at_)_wnk_(_dot_)_hamline_(_dot_)_edu>:
>
> > I am trying to use tcpdump (or snort, but they are both behaving the same 
> > in this case) to capture all the lines or contents of an msn 
> > chat session, the actual conversation.  I am getting partial output; i.e, 
> > I'll only get half of a sentence, and I don't see the rest of the lines. 
> > And ofcourse, alot of it seems to be hex or obfuscated html?
> >
> > What switches do I need to capture the entire lines of text?
>
> Don't know about snort, but with tcpdump use -s0
This is a good start however you are not guaranteed to see the whole 
chat message in a single TCP packet.  If you are looking for something 
more advanced you will have to write a program around pcap/bpf or 
similar to read the TCP stream.

Tom J
_______________________________________________
freebsd-net_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe_(_at_)_freebsd_(_dot_)_org"