This new release is a culmination of bug fixes and new features. There is now an option that allows you to not map handles to IPs (useful where you have AS outside of a NAT), and daemon mode has been implemented in this release. The install will now prompt for MySQL admin credentials to create the database.
In this release, the issues with MSN message types crashing the DB have been fixed, as well as the issue of connections to the DB timing out after a period of time. The "noise" from database SQL statements has been fixed as well.
Version 1.0 now includes MSN sniffing support, improved sniffing of wireless packets, and modularized code that aids in contribution and protocol development.
After quite a bit of downtime, development has been revived for this project again. Keep an eye out for new releases, new protocols, and new front ends. Exciting times!
T. Nelson has done quite a bit of work to ensure that this is the most stable release of AS to date. First, there are now processes to ensure that AS does not get stuck in an infinite loop for too long and eat up your CPU w/out doing anything. We've implemented checks and child processes that can be restarted if they get stuck. There are new config file options, so be sure to read section 5 below. There are also more dependencies needed now, so watch out for that. Previous versions of the handles file (prior to 0.9) are not compatible with this version.
Additionally, included in this release for the first time are two supporting files: rc.aimsniff and install.pl. The first is courtesy of T. Nelson and is something you can use to start and stop AS like a service. The install.pl is a script that will hopefully help you install AS.
This will be the LAST time that AS is released as one giant single file. The next release (1.0 finally!!!, woohoo!!! ok, it's out of my system now) will be completely revamped with modularized code for faster development. It will include a boat load of AIM Sniff specific modules and hopefully I'll have the MSN code worked out (no promises though).
This latest release fixes a few bugs that were missed in 0.6 and also has some added functionality. It can detect chat room joins and messages, capture buddy lists, run as a daemon, and output to a file. The output can be piped to other commands (such as grep, tee, more, etc.), and you can display a count of messages, logins, chats, and file transfers found on an exit.
A few feature enhancements including: file xfer detection, version information detection, and login information detection w/out the use of SMB.
Even better parsing of instant messages and a lot of modification to the web frontend including: sorting by various fields, multiple pages deep, click on a handle to get the NT username information. See the change log for more details.
I'm looking for PCAP formatted dump files that contain file transfers using AIM. I'm looking at the packets to decipher some sort of pattern to pull filenames out of packets when someone sends a file. This will lead to storing all files that are transferred to/from a network and possibly saving the file to the listening box to then run a virus scan on it for any known viruses. Please email your pcap files to me so that I have a number of sources to look for patterns from.
Fixed a bunch of things that I screwed up in 0.3. Now contains:
*Better parsing of handles and messages
*Very basic web script released to provide you with a view of the conversations captured
*Better SMB lookup abilities.
*Overall improvements in the coding to make it easier to read.
Nothing in the program itself changed, just the documentation. I changed the description of AIM Sniff and fixed the list of dependencies to reflect earlier changes in the program.
Second public release and a lot of features have been added and modified. Check out the change log for the latest. As always, feel free to mail me with requests for new features or switches.
--Ability to read options from a config file
--Option to perform SMB lookups when a user logs onto AIM in order to get their NT Domain account name and NT domain user name
--Dump the SMB information into the database
--A couple of error checks were thrown in.
--Completely took out the Data::Hexdumper module and replaced it with Unicode::String (don't think I changed that in the README)
AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network. You can either do a live dump (actively sniff the network) or read a PCAP file and parse the file for IM messages. You also have the option of dumping the information to a MySQL database or STDOUT.
Also part of AIM Sniff is smbInfo.pl which is used to match IM handles with NT domain user names. This portion of the project is probably still a bit buggy or lacking error checking.