LinuxQuestions.org
Old 05-05-2005, 08:58 PM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,256

Rep: Reputation: 53
How can I monitor all AIM traffic with ethereal/tethereal?


How can I monitor all AOL IM traffic with ethereal/tethereal?
 
Old 05-05-2005, 09:04 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Look into a program called AIMSniff.
 
Old 05-06-2005, 12:30 PM   #3
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,256

Original Poster
Rep: Reputation: 53
Thanks!

But AIMsniff only monitors 1 port; I have AIM traffic that I noticed on at least ports 5090 and 5091.
 
Old 05-06-2005, 01:16 PM   #4
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Well, in theory, you could try to decode all ports by adjusting the tcpdump filters, but you would need a MASSIVE system to handle that kind of traffic.
 
Old 05-07-2005, 01:02 PM   #5
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
Quote:
Originally posted by Matir
Well, in theory, you could try to decode all ports by adjusting the tcpdump filters, but you would need a MASSIVE system to handle that kind of traffic.
No you wouldn't ... look at snort. It does inspection of every frame it hears and you can run it on "moderate" systems at best.


Quote:
Originally posted by abefroman
But AIMsniff only monitors 1 port; I have AIM traffic that I noticed on at least ports 5090 and 5091.
AimSniff will do promiscuous monitoring of the network (you'll need a SPAN port in your switch to plug this box into or you won't hear anything). It'll catch all AIM traffic to and from your network (and double log traffic from one user on your network to another user on your network).
 
Old 05-07-2005, 01:40 PM   #6
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
AIMSniff also decodes the AIM protocol: their developers are the ones who have said monitoring ALL ports would need a sizable system.
 
Old 05-17-2005, 06:54 PM   #7
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
Just going on experience.

I log AIM traffic for about 150 users on a 550 P3 running FreeBSD. It's not exactly what I'd call "sizeable", especially considering it's running MySQL, Apache, PHP and Horde for about 50 of those users to work a shared IMAP folder that averages 1500 messages.
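
Added example (not from the thread and not AIMSniff's code): the thread raises AIM traffic on ports other than the one being monitored, and one way to handle that is to recognise AIM's FLAP framing in the TCP payload instead of filtering by port. The sketch assumes reassembled payloads are already available; the function names and sample bytes are constructed for illustration.

```python
import struct

FLAP_MARKER = 0x2A  # every FLAP frame begins with '*'
FLAP_CHANNELS = {1: "signon", 2: "snac-data", 3: "error", 4: "signoff", 5: "keepalive"}
HEADER = struct.Struct(">BBHH")  # marker, channel, sequence, body length

def flap_frames(data):
    """Return [(channel, seq, body_len), ...] if data is FLAP-framed, else []."""
    frames, off = [], 0
    while len(data) - off >= HEADER.size:
        marker, chan, seq, length = HEADER.unpack_from(data, off)
        if marker != FLAP_MARKER or chan not in FLAP_CHANNELS:
            return []  # one bad header rejects the whole stream
        frames.append((FLAP_CHANNELS[chan], seq, length))
        off += HEADER.size + length  # the last body may be cut short by the capture
    return frames

def aim_ports(streams, min_frames=2):
    """streams: iterable of (server_port, payload bytes). Returns {port: frames}."""
    hits = {}
    for port, data in streams:
        frames = flap_frames(data)
        if len(frames) >= min_frames:  # require a run of frames to limit false positives
            hits.setdefault(port, []).extend(frames)
    return hits

def _flap(chan, seq, body=b""):
    """Build one constructed FLAP frame for the sample data."""
    return HEADER.pack(FLAP_MARKER, chan, seq, len(body)) + body

# Constructed sample payloads (not captured traffic); ports 5090/5091 are from the thread.
SAMPLE_STREAMS = [
    (5090, _flap(1, 100, b"\x00\x00\x00\x01") + _flap(2, 101, b"\x00" * 10)),
    (5091, _flap(2, 7, b"\x00" * 10) + _flap(5, 8)),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, _flap(2, 1, b"ab") + b"\x16\x03\x01\x00\x05hello"),  # FLAP-like start only
]

if __name__ == "__main__":
    for port, frames in sorted(aim_ports(SAMPLE_STREAMS).items()):
        print(port, frames)
```

Requiring at least two consecutive well-formed frames keeps a stray `*` byte in unrelated traffic from being reported as AIM.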
 
  

