Continued development?

  • wtan2005

    wtan2005 - 2005-05-26

    Are there any plans for continued development?  I noticed that the project seemed stalled for a while, then recently was updated.

    Some obvious ideas are:
    -Yahoo, AIM, ICQ support
    -ability to read directly from tcpdump files

    • Carlos Fernandez

      I want to add a small HTTP server to the daemon, so you don't have to look into text files unless you want do.

      Not sure about supporting other protocols because everyone I know of use MSN these days. However if someone feels to send a patch, I'll more than happy to apply it :-)

    • Jon Todaro

      Jon Todaro - 2005-09-02

      Insteading of building in a small HTTP server that could potentially open up security vunerabilities, why not just create three more switches in the config/commandline:


      These could be set to determine what user/group/permissions are assigned to the files that are outputted. ie... apache/apache could be easily worked in, with paths to chat logs in a web server directory, to make a nice simple way of checking the logs via the web.

      Just a thought.

      BTW, this works great with webmessenger, as well as msn messenger. or at least I think it did, per my tests.

    • Carlos Fernandez

      First thing is port it to Windows to get some extra users (and with luck, a developer or two to help), then the HTTP monitor.
      Regarding the other protocols, I must admit I'm a bit lazy about that. I don't use AIM at all, for example. ICQ, maybe.

    • Carlos Fernandez

      jtodaro, the permissions idea is quite sensible... I'll do it over the weekend.

    • Jon Todaro

      Jon Todaro - 2005-09-02

      Just realized, I think I was incorrect in stating that the system sniffs webmessenger also. I think my tests were flawed as they were against clients to and fro my lan so that is not a valid test. Anyone care to comment on this, as I would love to see a true to life webmessenger sniffing ability in something, and as of yet, this is probably the best sniffing project I have seen in regards to how the logs/files are formatted.

    • Segalla

      Segalla - 2005-09-03

      Hi Carlos,

      I'm trying to use imsniff but it seems to work a little bit strange:
      - Some users are logged, some don't. Users ha ve exactly the same version.
      - When some inside user opens a chat window and send some text, this text is never logged and this is what i get in debug:
      5 | get_new_line_malloc: Incomplete
      5 | get_new_line_malloc: Source was: teste2la@m^Q
      5 |  MSG : 0 : [teste2]
      0 | No known partipants in SB owned by, can't log

      Do you have any ideas of what is wrong?

      I made some changes to log the users on mysql but i'm still logging the messages the original way.

      If there's something I can help in development just let me know.

      Fernando Segalla

    • Carlos Fernandez

      segalla: Those get_new_line_malloc() messages are ok. Sometimes blocks are data are split between packets, and you can't process a block until the next packet arrives. When this happens, the sniffer just keeps a copy of the first part and joins it with the rest when if arrives.
      Regarding the sniffer not logging everything, this happens only to conversations in progress. Basically:

      - For users logged into MSN after the sniffer is launched, you can expect full logs of everything.
      - For conversations started after the sniffer is launched (even if the user was logged before) you can expect the conversation to be logged as well.
      - For conversations started before the sniffer was launched, expect the log to start after both users have typed something.

      This happens because the sniffer has to find out who the user is before it knows where to log the conversation. That information is transmitted when the user joins the switchboard (a "room") and also when he types something. Until the sniffer can catch that, the conversation is "anonymous".

      To sum it up, the more time the sniffer has been up, the more complete the logs will be.

    • Carlos Fernandez

      jtodaro: The sniffer only support the native MSN protocol. Webmessenger support could be added later, even though right now I'm looking into ICQ, which seems to be simpler than I first though.
      The permissions thing you suggested will be included in 0.05.

    • Segalla

      Segalla - 2005-09-04


      Ok, I will keep it running.

      Another thing that is happening, I have another lan with 150 users but just 5 or 6 users get logged. I have to say that this lan is a mess, lots of protocols running at same time and lots of virus (I just take care of the gateway/firewall). Do you think that these problems are getting the sniffer confused?


    • Carlos Fernandez

      Segalla: I believe it's impossible that the sniffer gets confused because of that. For starters, if it actually got confused, it would just crash. Sniffing is a sensitive thing in the sense that if you attempt to parse the wrong packet, you are guaranteed to have serious problems...
      Either those users aren't using the MSN protocol (maybe webmail), or MSN couldn't log for some reason (if this happens, check the general log instead of the conversation log, so you can get more info about what's going on).


Log in to post a comment.