jjhorner has asked for the wisdom of the Perl Monks concerning the following question:

I'm decoding some Snort/ACID data for a waste/fraud/abuse case and I came across some hex-encoded AIM data that I'd like to parse so I can follow some chat conversations. Has anyone ever decoded the data.data_payload field? Does anyone have the code handy so I won't have to reinvent the wheel? I appreciate it.
J. J. Horner

Replies are listed 'Best First'.
Re: Decoding snort/acid packet data
by jjhorner (Hermit) on Jul 09, 2003 at 17:12 UTC

    Things have changed. My direction now is that I should start tracking the traffic using Ethereal when someone is using AOL.

    My new problem is this: decoding the OSCAR/TOC data, pulling out userids, traffic type (chat room or direct IM session), and pulling out the text.

    Does anyone know the message format for the AOL TOC/OSCAR protocol?

    By the way, the answer to my previous question was:


    Any help would be appreciated.

    J. J. Horner
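
An added example, not code from either post above (the poster's own answer did not survive on this page): one way to turn a hex-encoded data_payload value back into bytes and walk the OSCAR FLAP frames in it. The sub names and the sample payload are constructed for illustration, and the sample body is placeholder bytes, not a real message layout.

```perl
use strict;
use warnings;

# Hex text (as stored in data_payload) -> raw bytes. Refuse anything
# that is not clean, even-length hex rather than decoding garbage.
sub hex_to_bytes {
    my ($hex) = @_;
    $hex =~ s/\s+//g;
    die "odd-length or non-hex payload\n"
        unless length($hex) % 2 == 0 && $hex =~ /\A[0-9A-Fa-f]*\z/;
    return pack('H*', $hex);
}

# Split bytes into FLAP frames: 0x2A marker, channel (1 byte),
# sequence (2 bytes), data length (2 bytes), then the data.
sub flap_frames {
    my ($bytes) = @_;
    my (@frames, $off);
    $off = 0;
    while (length($bytes) - $off >= 6) {
        my ($marker, $chan, $seq, $len) =
            unpack('C C n n', substr($bytes, $off, 6));
        last unless $marker == 0x2A;                # not FLAP: stop here
        last if $off + 6 + $len > length($bytes);   # frame continues in a later packet
        my $data = substr($bytes, $off + 6, $len);
        my %f = (channel => $chan, seq => $seq, data => $data);
        # Channel 2 carries SNACs: family(2) subtype(2) flags(2) request id(4).
        @f{qw(family subtype)} = unpack('n n', $data)
            if $chan == 2 && $len >= 10;
        push @frames, \%f;
        $off += 6 + $len;
    }
    return @frames;
}

# Constructed sample: one channel-2 frame, SNAC family 0x0004 (the ICBM
# messaging family), followed by eight placeholder body bytes.
my $sample = '2a0200010012' . '00040006000000000001' . '68656c6c6f212121';

for my $f (flap_frames(hex_to_bytes($sample))) {
    (my $text = $f->{data}) =~ tr/\x20-\x7e/./c;    # non-printables shown as '.'
    printf 'chan=%d seq=%d len=%d', $f->{channel}, $f->{seq}, length $f->{data};
    printf ' snac=%04x/%04x', $f->{family}, $f->{subtype} if defined $f->{family};
    print " data=$text\n";
}
```

Snort logs one payload per packet, so a FLAP frame that spans TCP segments stops the loop at the truncation check; reassemble the stream first if frames go missing.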