LinuxQuestions.org


abefroman 05-05-2005 09:58 PM

How can I monitor all AIM traffic with ethereal/tethereal?
 
How can I monitor all AOL IM traffic with ethereal/tethereal?

Matir 05-05-2005 10:04 PM

Look into a program called AIMSniff :)

abefroman 05-06-2005 01:30 PM

Thanks!

But AIMSniff only monitors 1 port; I have AIM traffic that I noticed on at least ports 5090 and 5091.

Matir 05-06-2005 02:16 PM

Well, in theory, you could try to decode all ports by adjusting the tcpdump filters, but you would need a MASSIVE system to handle that kind of traffic.

sigsegv 05-07-2005 02:02 PM

Quote:

Originally posted by Matir
Well, in theory, you could try to decode all ports by adjusting the tcpdump filters, but you would need a MASSIVE system to handle that kind of traffic.

No you wouldn't ... look at Snort. It does inspection of every frame it hears and you can run it on "moderate" systems at best.


Quote:

Originally posted by abefroman
But AIMSniff only monitors 1 port; I have AIM traffic that I noticed on at least ports 5090 and 5091.

AIMSniff will do promiscuous monitoring of the network (you'll need a SPAN port in your switch to plug this box into or you won't hear anything). It'll catch all AIM traffic to and from your network (and double log traffic from one user on your network to another user on your network :p ).

Matir 05-07-2005 02:40 PM

AIMSniff also decodes the AIM protocol: their developers are the ones who have said monitoring ALL ports would need a sizable system.

sigsegv 05-17-2005 07:54 PM

Just going on experience.

I log AIM traffic for about 150 users on a 550 P3 running FreeBSD. It's not exactly what I'd call "sizeable", especially considering it's running MySQL, Apache, PHP and Horde for about 50 of those users to work a shared IMAP folder that averages 1500 messages.
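
Added example, not written by any poster in this thread and not AIMSniff's code: one way to find AIM on ports such as 5090 and 5091 without a fixed port list is to test each TCP stream for OSCAR's 6-byte FLAP framing (0x2A marker, channel, sequence number, payload length), which goes beyond the port filters discussed above. It assumes per-flow payloads have already been reassembled from a capture; the function names and sample bytes are constructed for illustration.

```python
import struct

FLAP_MARKER = 0x2A                      # every FLAP frame starts with '*'
FLAP_CHANNELS = {1: "signon", 2: "snac-data", 3: "error",
                 4: "signoff", 5: "keepalive"}
FLAP_HEADER = struct.Struct(">BBHH")    # marker, channel, sequence, length


def parse_flap_frames(stream: bytes):
    """Return [(channel_name, seq, length), ...] for the complete frames.

    A bad marker or unknown channel rejects the whole stream ([]).
    A frame cut off by the end of the capture just stops the walk."""
    frames, offset = [], 0
    while len(stream) - offset >= FLAP_HEADER.size:
        marker, channel, seq, length = FLAP_HEADER.unpack_from(stream, offset)
        if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
            return []
        end = offset + FLAP_HEADER.size + length
        if end > len(stream):
            break                        # truncated final frame
        frames.append((FLAP_CHANNELS[channel], seq, length))
        offset = end
    return frames


def looks_like_aim(stream: bytes, min_frames: int = 2) -> bool:
    """Require several frames whose sequence numbers step by 1 (mod 2**16)."""
    frames = parse_flap_frames(stream)
    if len(frames) < min_frames:
        return False
    return all((b[1] - a[1]) & 0xFFFF == 1 for a, b in zip(frames, frames[1:]))


def aim_ports(flows: dict) -> list:
    """flows maps a server port to that flow's reassembled payload bytes."""
    return sorted(port for port, data in flows.items() if looks_like_aim(data))


def _flap(channel, seq, payload):       # helper to build constructed samples
    return FLAP_HEADER.pack(FLAP_MARKER, channel, seq, len(payload)) + payload

# Constructed sample flows, not real captures.
SAMPLE_FLOWS = {
    5090: _flap(1, 100, b"\x00\x00\x00\x01") + _flap(2, 101, b"\x00" * 10),
    5091: _flap(2, 0xFFFF, b"x" * 10) + _flap(5, 0, b""),  # seq wraps to 0
    80: b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    25: b"*\x02 not really flap",        # right marker, bogus length
}

if __name__ == "__main__":
    print(aim_ports(SAMPLE_FLOWS))
```
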


All times are GMT -5.