In response to Tom Judge <[EMAIL PROTECTED]>: > Bill Moran wrote: > > In response to R J <[EMAIL PROTECTED]>: > > > >> I am trying to use tcpdump (or snort, but they are both behaving the same > >> in this case) to capture all the lines or contents of an msn > >> chat session, the actual conversation. I am getting partial output; i.e, > >> I'll only get half of a sentence, and I don't see the rest of the lines. > >> And ofcourse, alot of it seems to be hex or obfuscated html? > >> > >> What switches do I need to capture the entire lines of text? > > > > Don't know about snort, but with tcpdump use -s0 > > > This is a good start however you are not guaranteed to see the whole > chat message in a single TCP packet. If you are looking for something > more advanced you will have to write a program around pcap/bpf or > similar to read the TCP stream.
He could use wireshark. -- Bill Moran Collaborative Fusion Inc. http://people.collaborativefusion.com/~wmoran/ [EMAIL PROTECTED] Phone: 412-422-3463x4023 _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
