jjhorner has asked for the wisdom of the Perl Monks concerning the following question:

I'm decoding some snort/acid data for a waste/fraud/abuse case and I came across some hex-encoded AIM data that I'd like to parse so I can follow some chat conversations. Has anyone ever decoded the data.data_payload field? Does anyone have the code handy so I won't have to reinvent the wheel? I appreciate it.
J. J. Horner
CISSP,CCNA,CHSS,CHP,blah,blah
jjhorner@safe-mail.net

Replies are listed 'Best First'.
Re: Decoding snort/acid packet data
by jjhorner (Hermit) on Jul 09, 2003 at 17:12 UTC

    Things have changed. My direction now is that I should start tracking the traffic using Ethereal when someone is using AOL.

    My new problem is this: decoding the OSCAR/TOC data, pulling out userids, traffic type (chat room or direct IM session), and pulling out the text.

    Does anyone know the message format for the AOL TOC/OSCAR protocol?

    By the way, the answer to my previous question was:

    s/([a-fA-F0-9]{2,2})/chr(hex($1))/eg;

    Any help would be appreciated.

    J. J. Horner 
    CISSP,CCNA,CHSS,CHP,blah,blah,blah
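
An added example, not part of the original thread: a stricter version of the hex decode above, followed by a split of the decoded bytes into FLAP frames, the 6-byte framing (0x2A marker, channel, sequence number, data length) that both OSCAR and TOC put around their data. The function names `decode_hex_payload` and `split_flap_frames` are hypothetical, and the sample payload is constructed, with arbitrary text as the frame data rather than a real AIM message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode a hex-encoded payload string into raw bytes.
# Whitespace is ignored; anything else that is not hex is an error,
# so a damaged export is reported instead of silently mis-decoded.
sub decode_hex_payload {
    my ($hex) = @_;
    $hex =~ s/\s+//g;
    die "payload is not valid hex\n"
        unless length($hex) % 2 == 0 && $hex =~ /\A[0-9a-fA-F]*\z/;
    return pack('H*', $hex);
}

# Split raw bytes into FLAP frames. Header layout: 0x2A, channel (1 byte),
# sequence (2 bytes, big-endian), data length (2 bytes, big-endian).
sub split_flap_frames {
    my ($bytes) = @_;
    my @frames;
    my $pos = 0;
    while (length($bytes) - $pos >= 6) {
        my ($marker, $channel, $seq, $len) =
            unpack('C C n n', substr($bytes, $pos, 6));
        last unless $marker == 0x2A;                  # not a FLAP header
        last if $pos + 6 + $len > length($bytes);     # truncated capture
        push @frames, { channel => $channel, seq => $seq,
                        data => substr($bytes, $pos + 6, $len) };
        $pos += 6 + $len;
    }
    return @frames;
}

# Constructed sample: one frame on channel 2, sequence 1, carrying the
# 12 bytes "hello, world" (arbitrary text, not a captured message).
my $sample = '2a020001000c' . '68656c6c6f2c20776f726c64';

for my $f (split_flap_frames(decode_hex_payload($sample))) {
    # Replace non-printable bytes with '.' so binary data is safe to print.
    (my $text = $f->{data}) =~ tr/\x20-\x7e/./c;
    printf "channel=%d seq=%d len=%d text=%s\n",
        $f->{channel}, $f->{seq}, length($f->{data}), $text;
}
```

A single Snort payload holds only one packet's bytes, so a frame that spans packets stops the loop at the truncation check; reassemble the TCP stream first when that happens.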