imsniff(8) Simple program to log Instant Messaging activity on the network

SYNOPSIS

imsniff [-cdchatdir] [-dddebugdir] [-v*verbose] [-ppromisc] [-ddaemonize] [-offsetdata_offset] [-helpN/A] [interface]

DESCRIPTION

This manual page documents briefly the imsniff commands.

This manual page was written for the Debian(TM) distribution because the original program does not have a manual page. Instead, it has documentation in the GNU Info format; see below.

The imsniff can be used to log IM activity on the network. It uses libpcap to capture packets and analyzes them, logging conversation, contact lists, etc.

Users connecting after imsniff is started can get pretty good results, including complete contact lists and events (displaying a name change, for example). Users already connected will be able to get the conversations, but will miss the other information.

The only required parameter is the interface name to listen to. This can be any interface that libpcap supports. A sample imsniff.conf.sample file is included.

OPTIONS

--help

N/A. Display help.

-cd

Directory where conversations will be stored.

-dd

debugdir. Directory where logs will be stored. These logs contain debug information as well as certain MSN events.

-v*

verbose. Debug level. The more v's (or higher the number in the config file), the more info that is dumped. For regular usage, use 1 or 2. More than that will dump a lot of useless stuff.

-p

promisc. Put the device in promiscuous mode.

-d

data_offset. See below.

interface

Interface to use.

DATA OFFSET

The offset (in this context) is the length of the datalink header when capturing packets. This is an important number because we need to skip this header when processing packets. For ethernet, this number is 14, and imsniff knows about it. If you use a different interface, you might have to help imsniff by providing the number yourself. For example:

imsniff ppp0 -offset 4

How do you figure out this number? The easiest way is just try different numbers (and keep your own MSN connection busy (type something) until imsniff starts dumping conversations. The number is never high anyway. A few tries should always do.

If you have to use this, once it's working please drop me a note telling me what interface type imsniff reported, and the offset you used. I will add this to the code so next versions don't have to be tuned manually.

STATUS

Beta version. Seems to work decently.

SUPPORTED PROTOCOLS

For now, only MSN. Others could follow.

AUTHOR

This manual page was written by Amaya Rodrigo Sastre <[email protected]> for the Debian(TM) system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later version published by the Free Software Foundation.

On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.

AUTHOR

Amaya Rodrigo Sastre

Author.

COPYRIGHT

Copyright © 2006 Amaya Rodrigo Sastre