Question : Sniff traffic (ethereal?) capture yahoo messenger info

Anyone know a good way to capture conversations by sniffing the internal interface of our firewall?  We believe an employee may be 1) going against our AU Policy 2) we think this person may be talking about confidential company information.

Blocking Yahoo Messenger is a major pain. I banned 1 kaggilian IP ranges, and it is still working.  However, if I could capture the conversations, that should get the job done.  Using Ethereal I can see he is using it.  I just can't seem to come up with a set of filters to make it easy to view.
Ideas? It seems to be using port 80 and going through our HTTP proxy.  I am not very good with Ethereal, so don't answer like I'm a pro with it :)

Answer : Sniff traffic (ethereal?) capture yahoo messenger info

I am thinking about a different approach.
The servers which Yahoo uses for the messenger belong to the domain "someservername.msg.dcn.yahoo.com".
If you create a primary DNS zone on your internal DNS servers for "msg.dcn.yahoo.com", then your users won't be able to resolve the names of the Yahoo messenger servers. Your DNS servers are authoritative for the "msg.dcn.yahoo.com" zone and they won't resolve the names of the messenger servers to IP addresses.
That is just an idea which is easy to implement.

Please tell us what happened?

NetoMeter
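
The following is an added example, not part of the original answer: a small Python model of how a DNS server treats queries once it hosts the empty primary zone described above, showing which names get an authoritative negative answer and which are still forwarded. All hostnames other than the zone name and the answer's "someservername" placeholder are constructed, and the function names are hypothetical.

```python
# Added illustration: how a DNS server decides what to do with an A query once
# it hosts an empty primary zone. Hostnames other than the zone are constructed.

def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def covering_zone(qname, zones):
    """Return the longest hosted zone that qname falls under, or None.
    Matching is on whole labels, so 'xmsg.dcn.yahoo.com' is NOT inside
    'msg.dcn.yahoo.com'."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[-len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def decide(qname, zones, records):
    """Model the server's choice for an A query.
    zones:   zone names this server is authoritative for
    records: {fqdn: address} A records that exist inside those zones
             (keys lower-case, no trailing dot)"""
    zone = covering_zone(qname, zones)
    if zone is None:
        return "FORWARD"            # not ours: recurse/forward as usual
    key = ".".join(labels(qname))
    if key in records:
        return "ANSWER " + records[key]
    if labels(qname) == labels(zone):
        return "NODATA"             # apex exists (SOA/NS) but has no A record
    return "NXDOMAIN"               # authoritative "no such name", never forwarded

SINKHOLE = ["msg.dcn.yahoo.com"]    # the empty primary zone from the answer
EMPTY = {}                          # no host records were created in it

if __name__ == "__main__":
    for name in ["someservername.msg.dcn.yahoo.com",   # placeholder from the answer
                 "MSG.DCN.YAHOO.COM.",                  # zone apex
                 "xmsg.dcn.yahoo.com",                  # constructed sibling name
                 "www.yahoo.com"]:                      # outside the zone
        print(f"{name:36} {decide(name, SINKHOLE, EMPTY)}")
```

The zone only takes effect for resolvers that query these internal DNS servers, so the HTTP proxy mentioned in the question has to resolve through them as well.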