Incidentally, Trillian (www.trillian.cc, as mentioned by another person), and possibly other clients, support session-key encryption for AIM, which could foil any attempts.
Though of course, lately Trillian has been having enough problems just connecting to AIM :) But just so that you're aware of the encryption possibility.

-----Original Message-----
From: d'Ambly, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: AIM

So I got a lot of really good feedback from all you, thanks for the help. I looked at all your suggestions and tried them out. What I found is that snort is the best way to go. I created this rule:

    alert tcp any any -> any 5190 (msg:"AIM Message"; content:"HTML";)

This is a real simple rule but it does log all the messages and not all the other crap that is part of the AIM app. Legal issues aside, this is the way to go. I am in the process of writing a web interface that will go through and parse all this data and make it all searchable. With such a large amount of matches it just makes sense to log to a database.

Thanks for all your help and hints.

d'Ambly, Jeff wrote:
>My boss asked me the other day if we could log AOL instant messenger
>conversations, I know of course this can be done with any sniffer but I
>was wondering if there was a quick and easy way to do this. I was
>thinking perhaps I could use snort, but how could I reassemble the
>conversations? I would not like to spend all my time gathering and
>sorting all this info. Has anyone tried this before and if so how well
>did it work?
>
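
Added example, not part of the original thread and not Snort's own code: a Python model of the test the rule above applies to each TCP payload, plus the parsing step mentioned for the web interface. The payloads are constructed, and the assumption that a message travels as an `<HTML>...</HTML>` fragment is inferred from the rule's content match; it shows that lowercase markup and an encrypted body both slip past `content:"HTML"`.

```python
import re
from html.parser import HTMLParser

AIM_PORT = 5190          # destination port in the rule header
RULE_CONTENT = b"HTML"   # content:"HTML" is a case-sensitive byte match (no nocase)

def rule_matches(dst_port, payload):
    """Model the rule: TCP to port 5190 whose payload contains the bytes 'HTML'."""
    return dst_port == AIM_PORT and RULE_CONTENT in payload

class _TextOnly(HTMLParser):
    """Collects character data and discards the tags."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

def extract_text(payload):
    """Return the visible text of the HTML fragment in a payload, or None."""
    m = re.search(rb"<HTML>.*?</HTML>", payload, re.DOTALL | re.IGNORECASE)
    if m is None:
        return None
    parser = _TextOnly()
    parser.feed(m.group(0).decode("latin-1"))
    parser.close()
    return "".join(parser.parts).strip()

# Constructed sample payloads (not real captures); non-HTML bytes are filler.
SAMPLES = [
    (5190, b"\x00\x01\x00\x04<HTML><BODY><FONT>lunch at noon?</FONT></BODY></HTML>\x00"),
    (5190, b"\x00\x01\x00\x04<html><body>lowercase tags</body></html>"),  # rule misses
    (5190, b"\x00\x01\x9f\x13\xc4\x88\x07\xe2\x5b\x30"),  # stands in for an encrypted body
    (80, b"<HTML><BODY>web page, not AIM</BODY></HTML>"),  # wrong destination port
]

def triage(samples):
    """Text of each payload the rule would alert on; None where it would not."""
    return [extract_text(p) if rule_matches(port, p) else None for port, p in samples]

if __name__ == "__main__":
    for (port, _), text in zip(SAMPLES, triage(SAMPLES)):
        print(port, repr(text))
```

Adding `nocase;` after the content option would make the rule catch the second sample; nothing in the rule can recover the third.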