in reply to Decoding snort/acid packet data

Things have changed. My direction now is that I should start tracking the traffic using Ethereal when someone is using AOL.

My new problem is this: decoding the OSCAR/TOC data, pulling out userids, traffic type (chat room or direct IM session), and pulling out the text.

Does anyone know the message format for the AOL TOC/OSCAR protocol?

By the way, the answer to my previous question was:

s/([a-fA-F0-9]{2,2})/chr(hex($1))/eg;

Any help would be appreciated.

J. J. Horner 
CISSP,CCNA,CHSS,CHP,blah,blah,blah