There comes a time in most network administrators’ careers when they find themselves in the unenviable position of Acceptable Use Policy enforcement. This often includes monitoring the network for violations, including use/abuse of instant messaging software. For example, maybe the boss fears someone is sharing trade secrets, or the owner is tired of paying people to chat with their friends and family. Regardless of the reason, there are a handful of tools capable of checking things out.

One of the best sniffers out there is Ethereal. This Open Source product has been ported to several operating systems and is a must-have for every administrator’s toolbox as it sniffs all traffic off the wire. This makes it very handy in many situations, including (but definitely not limited to) examining instant message traffic.

Because it grabs everything, it is capable of sniffing information from all of the instant message protocols, including AIM, MSN, and Yahoo. The contents of the packets are readable in the display, and because the messages are sent over the network in plain text, they are easily readable by the software. This allows administrators to find out who’s using the software, who they’re talking to, and even what they’re saying!

If Ethereal is overkill for your needs, then check out AIM Sniff. AIM Sniff is capable of sniffing out all AIM traffic, and it uses the same capture method (libpcap) as Ethereal. AIM Sniff is further capable of recording and storing the AIM traffic to a MySQL database, and there is an add-on program that allows the traffic reports to be viewed on the web.

Obviously these tools can also be used for nefarious purposes. Just because you can doesn’t mean you should. Don’t be evil!