NAME
imsniff - Simple program to log Instant Messaging activity on the
network
SYNOPSIS
imsniff [-cd chatdir] [-dd debugdir] [-v* verbose] [-p promisc]
[-d daemonize] [-offset data_offset] [-help N/A] [interface]
DESCRIPTION
This manual page briefly documents the imsniff commands.
This manual page was written for the Debian(TM) distribution because
the original program does not have a manual page. Instead, it has
documentation in the GNU Info format; see below.
imsniff can be used to log IM activity on the network. It uses
libpcap to capture packets and analyzes them, logging conversations,
contact lists, etc.
Users connecting after imsniff is started can get pretty good results,
including complete contact lists and events (displaying a name change,
for example). Users already connected will be able to get the
conversations, but will miss the other information.
The only required parameter is the interface name to listen to. This
can be any interface that libpcap supports. A sample
imsniff.conf.sample file is included.
OPTIONS
--help
N/A. Display help.
-cd
Directory where conversations will be stored.
-dd
debugdir. Directory where logs will be stored. These logs contain
debug information as well as certain MSN events.
-v*
verbose. Debug level. The more v's (or higher the number in the
config file), the more info that is dumped. For regular usage, use 1
or 2. More than that will dump a lot of useless stuff.
-p
promisc. Put the device in promiscuous mode.
-d
data_offset. See below.
interface
Interface to use.
DATA OFFSET
The offset (in this context) is the length of the datalink header when
capturing packets. This is an important number because we need to skip
this header when processing packets. For ethernet, this number is 14,
and imsniff knows about it. If you use a different interface, you might
have to help imsniff by providing the number yourself. For example:
imsniff ppp0 -offset 4
How do you figure out this number? The easiest way is just to try
different numbers (and keep your own MSN connection busy by typing
something) until imsniff starts dumping conversations. The number is
never high anyway. A few tries should always do.
If you have to use this, once it's working please drop me a note
telling me what interface type imsniff reported, and the offset you
used. I will add this to the code so next versions don't have to be
tuned manually.
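As an added example (not part of imsniff or its documentation), the
following C program automates the trial-and-error search described
above: it tries each candidate offset and accepts the first one where a
checksum-valid IPv4 header begins. The function name guess_data_offset
and both sample frames are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed IPv4 header (20 bytes, 192.0.2.1 -> 198.51.100.2, TCP, checksum 0x4eac). */
#define IP_HDR 0x45,0x00,0x00,0x14, 0x00,0x01,0x40,0x00, 0x40,0x06,0x4e,0xac, \
               0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02

/* Constructed frames: a 14-byte Ethernet header, and a 4-byte PPP-style header. */
static const uint8_t eth_frame[] = { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00, IP_HDR };
static const uint8_t ppp_frame[] = { 0xff,0x03,0x00,0x21, IP_HDR };

/* One's-complement sum of the header; a valid IPv4 header sums to 0xffff. */
static uint16_t hdr_sum(const uint8_t *h, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        s += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* Smallest offset in 0..max_off where a checksum-valid IPv4 header starts, else -1. */
int guess_data_offset(const uint8_t *frame, size_t len, size_t max_off) {
    for (size_t off = 0; off <= max_off && off + 20 <= len; off++) {
        const uint8_t *h = frame + off;
        size_t ihl = (size_t)(h[0] & 0x0f) * 4;          /* header length in bytes */
        size_t total = (size_t)((h[2] << 8) | h[3]);     /* IP total length field */
        if ((h[0] >> 4) != 4 || ihl < 20 || off + ihl > len || total < ihl)
            continue;                 /* not IPv4, or header does not fit */
        if (hdr_sum(h, ihl) == 0xffff)
            return (int)off;
    }
    return -1;
}

int main(void) {
    printf("ethernet: %d\n", guess_data_offset(eth_frame, sizeof eth_frame, 32));
    printf("ppp:      %d\n", guess_data_offset(ppp_frame, sizeof ppp_frame, 32));
    return 0;
}
```

A value found this way is what would be passed with -offset, as in the
ppp0 example above.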
STATUS
Beta version. Seems to work decently.
SUPPORTED PROTOCOLS
For now, only MSN. Others could follow.
AUTHOR
This manual page was written by Amaya Rodrigo Sastre <amaya@debian.org>
for the Debian(TM) system (but may be used by others). Permission is
granted to copy, distribute and/or modify this document under the terms
of the GNU General Public License, Version 2 or any later version
published by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.
COPYRIGHT
Copyright (C) 2006 Amaya Rodrigo Sastre
December 9, 2006