
Thread: IM monitoring tools

  1. #1
    Join Date
    Sep 2007
    Beans
    18
    Distro
    Ubuntu 8.04 Hardy Heron

    IM monitoring tools

    Is there any IM tracking or monitoring tool I can use to track network users' IM chat logs and what IM tool they use?

    There is serious misuse of IM in my office. Management asked to collect evidence.

  2. #2
    Join Date
    Nov 2006
    Location
    Wisconsin, USA
    Beans
    920
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: IM monitoring tools

    First, what kind of acceptable use policy did the users sign, if any, and what are the wiretapping laws in your jurisdiction? You may want the mandate from management in writing. (The first step in any network investigation is not breaking any laws, and the "get out of jail free" card for the investigator

    Next question, how much control do you have over the PCs and the network? You need one or the other. If you have control of the PCs, you can install logging software on them. Otherwise you have to be able to capture the network traffic. If you are on a switched network, which is typical, you either need something like a Fluke hardware network tap to replicate the uplink traffic to your ISP, or if the switches are smart enough, your equivalent of the Cisco monitor session command to replicate port traffic to your network analyzer. A quick and dirty analyzer is any Linux box running Wireshark. If you can pick out an IM session, the Analyze option to "follow TCP stream" is your friend.

    A lot is going to depend on what protocols are being used for IM. E.g. many Jabber servers will use encryption, which would make monitoring a lot harder unless you have access to the hosts.

    If it's looking like too much work to snoop on the traffic, maybe you could just tighten up the egress filtering on the firewall and force all outbound traffic through a proxy server.

  3. #3
    Join Date
    Feb 2008
    Location
    US
    Beans
    2,782
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: IM monitoring tools

    I'm going to second the Wireshark recommendation. Unless your office is very large, Wireshark should be able to solve this problem easily.
