Man Linux: Main Page and Category List


       imsniff - Simple program to log Instant Messaging activity on the


       imsniff [-cdchatdir] [-dddebugdir] [-v*verbose] [-ppromisc]
               [-ddaemonize] [-offsetdata_offset] [-helpN/A] [interface]


       This manual page documents briefly the imsniff commands.

       This manual page was written for the Debian(TM) distribution because
       the original program does not have a manual page. Instead, it has
       documentation in the GNU Info format; see below.

       The imsniff can be used to log IM activity on the network. It uses
       libpcap to capture packets and analyzes them, logging conversation,
       contact lists, etc.

       Users connecting after imsniff is started can get pretty good results,
       including complete contact lists and events (displaying a name change,
       for example). Users already connected will be able to get the
       conversations, but will miss the other information.

       The only required parameter is the interface name to listen to. This
       can be any interface that libpcap supports. A sample
       imsniff.conf.sample file is included.


          N/A. Display help.

          Directory where conversations will be stored.

          debugdir. Directory where logs will be stored. These logs contain
          debug information as well as certain MSN events.

          verbose. Debug level. The more v's (or higher the number in the
          config file), the more info that is dumped. For regular usage, use 1
          or 2. More than that will dump a lot of useless stuff.

          promisc. Put the device in promiscuous mode.

          data_offset. See below.

          Interface to use.


       The offset (in this context) is the length of the datalink header when
       capturing packets. This is an important number because we need to skip
       this header when processing packets. For ethernet, this number is 14,
       and imsniff knows about it. If you use a different interface, you might
       have to help imsniff by providing the number yourself. For example:

       imsniff ppp0 -offset 4

       How do you figure out this number? The easiest way is just try
       different numbers (and keep your own MSN connection busy (type
       something) until imsniff starts dumping conversations. The number is
       never high anyway. A few tries should always do.

       If you have to use this, once it's working please drop me a note
       telling me what interface type imsniff reported, and the offset you
       used. I will add this to the code so next versions don't have to be
       tuned manually.


       Beta version. Seems to work decently.


       For now, only MSN. Others could follow.


       This manual page was written by Amaya Rodrigo Sastre <>
       for the Debian(TM) system (but may be used by others). Permission is
       granted to copy, distribute and/or modify this document under the terms
       of the GNU General Public License, Version 2 any later version
       published by the Free Software Foundation.

       On Debian systems, the complete text of the GNU General Public License
       can be found in /usr/share/common-licenses/GPL.


       Amaya Rodrigo Sastre


       Copyright (C) 2006 Amaya Rodrigo Sastre

                               December 9, 2006