PerlMonks  

Decoding snort/acid packet data

by jjhorner (Hermit)
on Jul 08, 2003 at 15:31 UTC ( [id://272321]=perlquestion )

jjhorner has asked for the wisdom of the Perl Monks concerning the following question:

I'm decoding some snort/acid data for a waste/fraud/abuse case and I came across some hex-encoded AIM data that I'd like to parse so I can follow some chat conversations. Has anyone ever decoded the data.data_payload field? Does anyone have the code handy so I won't have to reinvent the wheel? I appreciate it.
J. J. Horner, 
CISSP,CCNA,CHSS,CHP,blah,blah
jjhorner@safe-mail.net

Replies are listed 'Best First'.
Re: Decoding snort/acid packet data
by jjhorner (Hermit) on Jul 09, 2003 at 17:12 UTC

    Things have changed. My direction now is that I should start tracking the traffic using ethereal when someone is using AOL.

    My new problem is this: decoding the OSCAR/TOC data, pulling out userids, traffic type (chat room or direct im session), and pulling out the text.

    Does anyone know the message format for the AOL TOC/OSCAR protocol?

    By the way, the answer to my previous question was:

    s/([a-fA-F0-9]{2,2})/chr(hex($1))/eg;

    Any help would be appreciated.

    J. J. Horner 
    CISSP,CCNA,CHSS,CHP,blah,blah,blah
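
An added example, not part of the original thread: the hex decoding from the reply above, wrapped with input validation and a pass that lists the printable text runs found between the binary bytes. The function names and the sample payload are constructed for illustration, and the code assumes the payload field is stored as a plain hex string.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode a hex-encoded payload string into raw bytes.
# Returns undef unless the input is clean, even-length hex, so a payload
# stored in some other encoding is rejected instead of silently mangled.
sub decode_hex_payload {
    my ($hex) = @_;
    return unless defined $hex;
    $hex =~ s/\s+//g;                        # tolerate line wraps and spaces
    return if $hex eq '' || length($hex) % 2;
    return if $hex =~ /[^0-9A-Fa-f]/;
    return pack('H*', $hex);                 # same bytes as chr(hex($1)) per pair
}

# Return runs of printable ASCII at least $min bytes long, with their byte
# offsets, so message text can be read without dumping control characters
# to the terminal.
sub printable_runs {
    my ($bytes, $min) = @_;
    $min ||= 4;
    my @runs;
    while ($bytes =~ /([\x20-\x7e]{$min,})/g) {
        push @runs, { offset => $-[1], text => $1 };
    }
    return @runs;
}

# Constructed sample (not a real capture): arbitrary binary bytes around
# two text fragments, hex-encoded the way the question describes.
my $raw = "\x01\x02\x00\x10" . "exampleuser"
        . "\x00\x00\x01\x01" . "<HTML>lunch at noon?</HTML>" . "\x00";
my $sample = uc(unpack('H*', $raw));

my $bytes = decode_hex_payload($sample);
die "payload is not valid hex\n" unless defined $bytes;

printf "%d bytes decoded\n", length $bytes;
printf "  offset %4d: %s\n", $_->{offset}, $_->{text}
    for printable_runs($bytes);
```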
    

Node Type: perlquestion [id://272321]
Approved by sschneid