Name                   Modified     Size
aimsniff-0.9c.tar.gz   2004-02-12   24.1 kB
aimsniff.zip           2004-01-05   1.7 MB
aimsniff_layouts.xls   2002-10-07   22.5 kB
aimsniff-0.5.tar.gz    2002-09-19   10.7 kB
README                 2002-09-09   4.9 kB
aimSniff-0.4.tar.gz    2002-09-09   7.6 kB
aimsniff-0.4.tar.gz    2002-09-08   7.1 kB
aimSniff-0.3.tar.gz    2002-09-03   6.3 kB
aimsniff-0.2.tar.gz    2002-09-01   5.1 kB
table.struct           2002-09-01   758 Bytes
smbInfo.pl             2002-09-01   3.2 kB
aimSniff.pl            2002-09-01   9.7 kB
Totals: 12 Items, 1.8 MB, 0 downloads / week

##########################################
AIM Sniff Copyright (C) 2002 Shawn Grimes
##########################################

**********************************************
Disclaimer: I provide this software as a public service to experienced
systems administrators who wish to protect their users from harassment while 
using AIM and to demonstrate the need for encryption in instant messaging 
programs.
**********************************************

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
IMPORTANT NOTE:  Version 0.4 requires a different table structure
than earlier versions.  Be sure to check the changes in table.struct
if you were the one person who tried one of the early versions.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1. License Information
2. Program Description
3. Sample Config File
4. Dependencies
5. Installation Procedure

##########
1. License Information
##########
This program is free software; you can redistribute it and/or modify it under 
the terms of the GNU General Public License as published by the Free Software 
Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with 
this program; if not, write to the: 
	Free Software Foundation, Inc.
	59 Temple Place, Suite 330
	Boston, MA 02111-1307 USA

You may also contact me directly with any questions at: 
grimessh@users.sourceforge.net

##########
2.  Program Description
##########
AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger 
messages across a network.  You can either do a live dump (actively sniff the 
network) or read a PCAP file and parse the file for IM messages.  You also have
the option of dumping the information to a MySQL database or STDOUT. 

Also part of AIM Sniff is smbInfo.pl which is used to match IM handles with NT 
domain user names.  This portion of the project is probably still a bit buggy 
or lacking error checking.

Another part of AIM Sniff will be a web page front end to view and generate 
reports of captured AIM conversations.  This will include the ability to see 
all conversations from an IP address, AIM handle, NT Username, conversations 
between certain time periods.  It will allow administrators to see how often 
users are chatting to monitor for abuse.  You can also use AIM Sniff to monitor
for cases of harassment or warez trading.

SWITCHES:
-C=filename <-Get AIM Sniff options from a config file
-r=filename <-Read a PCAP file instead of doing a live capture
-c=integer <-The number of packets to read before quitting
-d=dev <-The device to capture packets from
-f='filter string' <-String to filter on enclosed in single quotes
(DEFAULT: 'tcp and port 5190') -- Should only have to be specified if you think AIM is running on a different port
-p <-Place the device into promiscuous mode
-to=integer <-Read timeout in ms
--SMB <-Turn SMB lookups 'on' to get NT domain usernames with AIM logins, Off by default
--nodb <-Do not dump to a DB, only dump to STDOUT
--quiet <-Do not print anything but errors to STDOUT 
--getHandles <-Do not do anything with PCAP but populate the fromHandle field in the logs table (Can be used with -C above)

##########
3.  Sample Config File
##########
dumpfile=/home/aimsniff/aim.dump
packetCount=10
dev=eth0
filter='tcp and port 5190'
promisc=1
timeout=1000
SMB=1
nodb=1
quiet=1
host=mysql.server.com
user=aimuser
password=password
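
Added example (not part of AIM Sniff or its distribution): a small Python
audit of a config file in the format above, which stores the MySQL password
in cleartext and names a dump file of captured conversations.  The file name
aimsniff.conf, the function names, and the reading that nodb=1 leaves the
database settings unused are assumptions made for this example.

```python
import os
import stat
import tempfile

# Keys taken from the README's sample config file.
KNOWN_KEYS = {"dumpfile", "packetCount", "dev", "filter", "promisc", "timeout",
              "SMB", "nodb", "quiet", "host", "user", "password"}

def parse_config(text):
    """Parse key=value lines; drop the single quotes used around the filter."""
    cfg = {}
    for raw in text.splitlines():
        if "=" not in raw:
            continue
        key, value = raw.split("=", 1)
        cfg[key.strip()] = value.strip().strip("'")
    return cfg

def loose_mode(path):
    """Return the octal mode string if group/other have any access, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return f"{mode:04o}" if mode & 0o077 else None

def audit_config(path):
    """Return a list of findings for a config file in the README's format."""
    findings = []
    mode = loose_mode(path)
    if mode:
        findings.append(f"config mode {mode}: other local users can read the DB password")
    with open(path, encoding="utf-8") as fh:
        cfg = parse_config(fh.read())
    findings += [f"unknown key: {k}" for k in sorted(set(cfg) - KNOWN_KEYS)]
    # Assumption: nodb=1 means the host/user/password settings are unused.
    if cfg.get("nodb") != "1" and cfg.get("password", "") in ("", "password"):
        findings.append("database password is empty or the README sample value")
    dump = cfg.get("dumpfile")
    if dump and os.path.exists(dump) and loose_mode(dump):
        findings.append(f"dump file mode {loose_mode(dump)}: captured conversations are exposed")
    return findings

def demo():
    """Audit a constructed config (README sample values, nodb switched off)."""
    sample = ("dev=eth0\nfilter='tcp and port 5190'\nnodb=0\n"
              "host=mysql.server.com\nuser=aimuser\npassword=password\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "aimsniff.conf")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        loose = audit_config(path)
        os.chmod(path, 0o600)
        return loose, audit_config(path)
```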


##########
4.  Dependencies
##########
Requires Samba to perform SMB lookup features.

Requires the following perl modules:
Net::Pcap
NetPacket::Ethernet
NetPacket::IP
NetPacket::TCP
Unicode::String
DBI
DBD::mysql


##########
5.  Installation Procedure
##########
First, install the above dependencies and run 'aimSniff.pl --nodb' to make sure 
you have all the necessary dependencies.

If you plan to use the database dump feature, you'll have to load the table.struct 
file into mysql.  To do this run the following command 'mysql < table.struct'.  This 
will create a database named "aim" with all the right tables.
Now you can create a user that has rights to this database by running mysql and
issuing:
	GRANT ALL ON aim.* TO username@hostname IDENTIFIED BY 'password';
For more info on granting access to a user see the MySQL documentation.

After all this, you should modify the aimSniff.pl file to reflect your database 
information or edit the config file.  

You can run 'aimSniff.pl -h' to see a list of switches and options.

Included in this version is a very very basic web CGI (perl) script that will give
you a basic overview of the data AIM Sniff has captured in a database.  This web
script will now be my main focus in developing AIM Sniff.

Enjoy and happy sniffing.

Source: README, updated 2002-09-09