Umm...

Forgive me if I'm being less than insightful, but I don't seem to have
a problem shutting down MSN Messenger, or logging it.

My firewall is in a default deny setting (only recently, though - and
I caught a lot of flak by shutting most everything down, but I'm a
hard case - I told 'em it was for their own good.)

When the VP of sales whinged about not being able to IM his remote
sales droids, I read my firewall logs and noticed a curious thing -
there was a content-type header for MSN Messenger called
application/x-msn-messenger.

I created a separate instance of the http proxy on the firewall, set
the only allowed content-header as that, and only allowed two machines
through it. They're happy, my manager's happy, and I'm less unhappy.
:)

I'm guessing that if your firewall chases that kinda stuff, it
shouldn't be too hard to parse logs for it, either.

Don't know how Yahoo!, AIM or googlechat do their thing as yet, but
I believe I have figured MSN Messenger out.

Unfortunately, it doesn't seem to fall in the realm of ntop's
particular expertise.



> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Chris Moore
> Sent: Monday, March 20, 2006 07:43
> To: [email protected]
> Subject: RE: [Ntop] msn messenger traffic measurement
>
>
>
> IIRC, MSN uses port 80 when it can - which of course makes it hard to
> distinguish. These things (chat apps in general) are sneaky bastages.
> They are essentially designed like a virus to evade security systems. I
> have $$$$ IDS machines doing layer 5-7 deep packet inspection that have
> trouble catching them. Working at layer 4 and lower, NTOP doesn't have
> much of a chance.
>
> Chris
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
> Sent: Monday, March 20, 2006 7:19 AM
> To: [email protected]
> Subject: RE: [Ntop] msn messenger traffic measurement
>
> IF (and that's a big IF) you can identify the ports used by MSN
> messenger, you could add them to the monitored protocols list via the
> --protocols option.  You can then enable RRD, which can be tuned to
> accumulate into whatever intervals you want (default is 5m, but it's
> configurable on the plugin's page).
>
> -----Burton
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cevahir Pilpil
> Sent: Monday, March 20, 2006 5:45 AM
> To: [email protected]
> Subject: [Ntop] msn messenger traffic measurement
>
> Hi everybody,
>
> I am using the latest version of ntop on Fedora Core 4.
>
> In my corporate network, I would like to collect all MSN Messenger
> traffic and report it on a daily basis, divided into 30-minute parts.
> Is it possible to do it?
>
> Thanks, everybody.
>
> Cevahir
>
>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
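
The log parsing suggested in the reply above, combined with the 30-minute breakdown asked for in the original question, as an added example that is not from any poster in the thread. It assumes the proxy writes Squid-style native access.log lines (the thread does not name the firewall or its log format); the sample lines, addresses and host names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

MSN_MIME = "application/x-msn-messenger"  # content type named in the post
BUCKET = 30 * 60                          # seconds per reporting interval

# Constructed sample in Squid native access.log layout (an assumption):
# time elapsed client action/code bytes method URL ident hierarchy/peer mime
SAMPLE_LOG = """\
1142841600.101 120 10.0.0.21 TCP_MISS/200 512 POST http://im.example/x - DIRECT/192.0.2.10 application/x-msn-messenger
1142842500.250 95 10.0.0.21 TCP_MISS/200 300 POST http://im.example/x - DIRECT/192.0.2.10 application/x-msn-messenger
1142842600.000 40 10.0.0.35 TCP_MISS/200 9000 GET http://www.example/ - DIRECT/192.0.2.20 text/html
1142843500.700 80 10.0.0.22 TCP_MISS/200 700 POST http://im.example/x - DIRECT/192.0.2.10 Application/X-MSN-Messenger
garbage line that is not a log record
"""

def msn_usage(lines):
    """Return {(bucket_start_epoch, client_ip): [requests, bytes]} for MSN traffic."""
    usage = defaultdict(lambda: [0, 0])
    for line in lines:
        f = line.split()
        if len(f) < 10:
            continue                      # truncated or foreign line
        try:
            ts, size = int(float(f[0])), int(f[4])
        except ValueError:
            continue                      # non-numeric timestamp or byte count
        # MIME types are case-insensitive; drop any ";param" suffix.
        if f[9].split(";")[0].lower() != MSN_MIME:
            continue
        entry = usage[(ts - ts % BUCKET, f[2])]
        entry[0] += 1
        entry[1] += size
    return dict(usage)

def report(usage):
    """One line per 30-minute interval and client, in time order (UTC)."""
    rows = []
    for (bucket, client), (reqs, size) in sorted(usage.items()):
        start = datetime.fromtimestamp(bucket, tz=timezone.utc)
        rows.append(f"{start:%Y-%m-%d %H:%M} {client} requests={reqs} bytes={size}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(msn_usage(SAMPLE_LOG.splitlines()))))
```
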
