Results 1 to 5 of 5

Thread: monitoring IM and MSN Messanger

  1. #1
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default monitoring IM and MSN Messanger

    I am looking for good toolset to quickly turn a pcap of im/msn messenger back to clear text for auditing of employees sending confidential data. using wireshark or whatever to rebuild streams is costly on the time and billing.

    I was looking at one tool imsniff but you apparently need to be layer4 ... I want something that can 100% passive (or from a monitor/span port capture and convert data to something more human readable.

    oh yes... my 1st post... seems that with all things new a new forum was born and had to make a new ID for myself!

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: monitoring IM and MSN Messanger

    The BackTrack connection of this post seems pretty tenuous to me... but since my answer will mention at least one tool available on BackTrack I will allow this.

    What do you mean by "need to be layer4" exactly? From what I have read about imsniff (in the last 30 seconds) it listens as a daemon, and I see no evidence that it sends anything onto the network so it sounds 100% passive to me.

    If you want to feed a pcap file into the program check to see if imsniff can read from a pcap instead of listening as a daemon (most programs based on the pcap libraries can do this), and if it cant use tcpreplay to resend the data in the pcap file to the program.

    You also might want to check out xplico, which is available in the repositories.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: monitoring IM and MSN Messanger

    roger, thanks for the info. I guess to rephrase it was more of... is any tool in backtrack capable of it. I was searching the repo's but just didnt know ..

    yea the imsniff tool was complaining about no "ip address attached to interface" or something of the likes so assume it needs a route-able to do something didnt look into it to far .. was trying to cheat and see if a tool in backtrack already did this and I was missing it... not something I have had to do before is snoop the chatting.

    if the thread isnt in line with the new forum policy go ahead and hack it. if not and anyone has any advice of a tool that can be manipulated to provide chat stream data in a more reportable format.

    I will also check out xplico a bit more see if it gives up handy info.

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default Re: monitoring IM and MSN Messanger

    Aren't there better methods to deal with this issue than attempting to intercept the communications? After all, if you intercept it, then you have to read it, if it's a fairly large company with a lot of people using IM, that could be a very daunting, time consuming and expensive task.

    If the company is truly concerned about data leakage through those methods, MSN Messenger can be killed off with a simple GPO. Other IM clients can also be controlled via GPO by prohibiting their installation. IM servers can be blocked at the firewall. Employees can be made aware of a policy that prohibits the usage of all IM client software and anyone violating that policy is subject to disciplinary action.

    By you wanting to intercept it, you're setting yourself up for failure. If you miss something, then it's your ass on the line.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Member
    Join Date
    Feb 2010
    Location
    MTI3LjAuMC4x
    Posts
    90

    Default Re: monitoring IM and MSN Messanger

    true true but Im not trying to block or stop anything ... that would hurt my goal. working on a pen-test setup and the company is concerned that this might be happening. so I am trying to brush up before I go on site to see if I can capture things. So yes your point is very valid indeed however I just want to know how to trap MSN and read the data with out having to deal with a lot of work or fussing around. I see a lot of windows tools that look like a simple script kiddy parser of the pcap data. Just didnt know if anyone here ran into same issue with BT tools before.

Similar Threads

  1. Remote Network Monitoring
    By morpheous in forum Beginners Forum
    Replies: 4
    Last Post: 03-04-2010, 03:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •