Provided by: imsniff_0.04-6_amd64 

NAME
imsniff - Simple program to log Instant Messaging activity on the network
SYNOPSIS
imsniff [-cd chatdir] [-dd debugdir] [-v* verbose] [-p promisc] [-d daemonize] [-offset data_offset]
[-help N/A] [interface]
DESCRIPTION
This manual page briefly documents the imsniff command.
This manual page was written for the Debian(TM) distribution because the original program does not have a
manual page. Instead, it has documentation in the GNU Info format; see below.
imsniff can be used to log IM activity on the network. It uses libpcap to capture packets and
analyzes them, logging conversations, contact lists, etc.
Users connecting after imsniff is started can get pretty good results, including complete contact lists
and events (displaying a name change, for example). Users already connected will be able to get the
conversations, but will miss the other information.
The only required parameter is the interface name to listen to. This can be any interface that libpcap
supports. A sample imsniff.conf.sample file is included.
OPTIONS
--help
N/A. Display help.
-cd
Directory where conversations will be stored.
-dd
debugdir. Directory where logs will be stored. These logs contain debug information as well as certain
MSN events.
-v*
verbose. Debug level. The more v's (or higher the number in the config file), the more info that is
dumped. For regular usage, use 1 or 2. More than that will dump a lot of useless stuff.
-p
promisc. Put the device in promiscuous mode.
-offset
data_offset. See DATA OFFSET below.
interface
Interface to use.
DATA OFFSET
The offset (in this context) is the length of the datalink header when capturing packets. This is an
important number because we need to skip this header when processing packets. For ethernet, this number
is 14, and imsniff knows about it. If you use a different interface, you might have to help imsniff by
providing the number yourself. For example:
imsniff ppp0 -offset 4
How do you figure out this number? The easiest way is to just try different numbers (and keep your own
MSN connection busy by typing something) until imsniff starts dumping conversations. The number is never
high anyway. A few tries should always do.
If you have to use this, once it's working please drop me a note telling me what interface type imsniff
reported, and the offset you used. I will add this to the code so next versions don't have to be tuned
manually.
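Added example (not part of imsniff or of the original manual page): rather than trying offsets by hand, the C code below scans one captured frame for the first position where a well-formed IPv4 header carrying TCP begins, which is the datalink header length. The sample frames, addresses and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: IPv4 header (valid checksum, protocol 6 = TCP,
 * 192.0.2.1 -> 198.51.100.2) followed by a 20-byte TCP header. */
#define IP_TCP \
    0x45,0x00,0x00,0x28,0x00,0x01,0x40,0x00,0x40,0x06,0x4e,0x98, \
    0xc0,0x00,0x02,0x01,0xc6,0x33,0x64,0x02, \
    0xc0,0x01,0x07,0x47,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00, \
    0x50,0x02,0xff,0xff,0x00,0x00,0x00,0x00

/* Same packet behind a 14-byte Ethernet header and a 4-byte PPP header. */
const uint8_t eth_frame[] = { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00, IP_TCP };
const uint8_t ppp_frame[] = { 0xff,0x03,0x00,0x21, IP_TCP };

/* 1 if buf+off starts a well-formed IPv4 header that carries TCP. */
static int ipv4_tcp_at(const uint8_t *buf, size_t len, size_t off)
{
    if (off + 20 > len) return 0;
    const uint8_t *ip = buf + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return 0;
    if (total < ihl || off + total > len) return 0;
    /* Header checksum: the ones' complement sum of the header is 0xffff.
     * Frames captured on the sending host can fail this when checksum
     * offload is enabled, so probe with received traffic. */
    uint32_t sum = 0;
    for (size_t i = 0; i < ihl; i += 2)
        sum += ((uint32_t)ip[i] << 8) | ip[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return sum == 0xffff;
}

/* Smallest offset in [0, max_off] where an IPv4/TCP header starts, or -1. */
int guess_data_offset(const uint8_t *frame, size_t len, size_t max_off)
{
    for (size_t off = 0; off <= max_off; off++)
        if (ipv4_tcp_at(frame, len, off)) return (int)off;
    return -1;
}

int main(void)
{
    printf("ethernet: %d\n", guess_data_offset(eth_frame, sizeof eth_frame, 32));
    printf("ppp:      %d\n", guess_data_offset(ppp_frame, sizeof ppp_frame, 32));
    return 0;
}
```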
STATUS
Beta version. Seems to work decently.
SUPPORTED PROTOCOLS
For now, only MSN. Others could follow.
AUTHOR
This manual page was written by Amaya Rodrigo Sastre <amaya@debian.org> for the Debian(TM) system (but
may be used by others). Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU General Public License, Version 2 or any later version published by the Free Software
Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in
/usr/share/common-licenses/GPL.
COPYRIGHT
Copyright © 2006 Amaya Rodrigo Sastre
December 9, 2006 IMSNIFF(8)