
Thread: Yahoo messenger log files help

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    Yahoo messenger log files help

    The MIS of one of our sister orgs. just called and has discovered that one of her (L)users has, (against company policy), installed Yahoo Messenger and been using it over port 80 to avoid the firewall block. She says that the logs are there but if she opens them they are all ascii characters.

    Anyone tell me how to read the logs to determine if it is work related or not 'cos if it isn't the (L)user is getting her pink slips - if it is the (L)user is getting suspended...... either way, she's in the clag........
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    What are you trying to find? If I remember right, when you put Yahoo over port 80 the traffic tends to look similar to HTTP but not quite. Nothing is encrypted so with a sniffer you should be able to read all conversations and see login/logout.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    331
    Well, it appears as if I have been beat to the punch again.

    Nebulus200

    You are correct with the sniffer. Just use Iris. It does all the dirty work for you. Plus it is super simple for lazy people like myself. If you preferred a *nix based sniffer however, try whatever you are comfortable with.
    Your heart was talking, not your mind.
    -Tiger Shark

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's a .dat file saved by the user by the look of it.

    It's entitled awesomeamber03.dat, along with harely_babe, peachsncream etc etc etc..... really sounds like work.....

    It was located in the Progra~1\yahoo!\messenger\profiles\awesomeamber03\archive\messages\probe7270 folder.

    Is it possible that these are the user's profiles and these are logs of her activity as that screen-name...... I say that because of the directory structure. And if this is the case then these sure aren't the kind of names you would use for work related conversations.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    does AIM have logs too? If yes, where are they located?
    "Not everything that counts can be counted, and not everything that can be counted counts." (Sign hanging in Einstein's office at Princeton)

  6. #6
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I just checked my folders where I have it installed and don't have anything like that. The user must have chosen to archive some offline messages. You are probably better off looking at your firewall logs (or maybe IDS logs, ISS for example detects many Yahoo things). If you haven't busted the user yet (which I take it you have), you could also setup a network sniffer and catch the entire conversation.

    If you have already busted them and IDS doesn't catch it, your best bet for seeing the conversations is to look at your firewall logs. If you log the URL of http traffic, you will see what IP she was talking to and maybe parts of the conversation. You may want to take that DAT file and put it on a unix system and run 'od -cx' and 'strings' on it, you might be able to get useful information that way, but just keep in mind, it is probably only offline messages.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
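Added example (not part of the thread or of any poster's reply): a Python sketch of the `od -cx` / `strings` triage suggested in post #6, run over a constructed file so it shows what such a pass can and cannot recover. The record layout (timestamp, length, body) and the single-byte scrambling are assumptions made up for the sample, not the real Yahoo archive format.

```python
import re
import struct

def printable_runs(data, min_len=4):
    """Like `strings -n min_len`: runs of printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

def dump(data, width=16):
    """Offset, hex and character columns, in the spirit of `od -c` / `od -x`."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b <= 0x7e else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  {text}")
    return lines

def triage(data):
    """Summarise how much of a binary log is readable without a viewer."""
    runs = printable_runs(data)
    ratio = sum(len(r) for r in runs) / len(data) if data else 0.0
    return {"size": len(data), "strings": runs, "printable_ratio": round(ratio, 2)}

# --- Constructed sample data (hypothetical layout, for illustration only) ---
def make_record(timestamp, body):
    # Assumed framing: 4-byte little-endian time, 4-byte length, then the body.
    return struct.pack("<II", timestamp, len(body)) + body

MESSAGES = [b"are we still on for lunch?", b"yes, see you at noon"]
# Same records twice: once with readable bodies, once with scrambled bodies.
PLAIN = b"".join(make_record(1046000000 + i * 60, m)
                 for i, m in enumerate(MESSAGES))
SCRAMBLED = b"".join(make_record(1046000000 + i * 60, bytes(b ^ 0xA5 for b in m))
                     for i, m in enumerate(MESSAGES))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("scrambled", SCRAMBLED)):
        print(name, triage(blob))
        print("\n".join(dump(blob)))
```

On the scrambled sample the string pass returns nothing while the dump still shows the record framing, so an empty `strings` result on its own says the bodies are encoded, not that the file holds no messages.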

  7. #7
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I found some information on another forum that may help:

    when i'm in yahoo messenger and i want to view someone's profile a message pops up saying: THIS FILE DOES NOT HAVE A PROGRAM ASSOCIATED WITH IT FOR PERFORMING THIS ACTION. CREATE AN ASSOCIATION IN MY COMPUTER, BY CLICKING VIEW AND THEN CLICK FOLDER OPTIONS.

    So what then?
    Answer:

    You can always type in:

    http://profiles.yahoo.com/<user name>
    Cheers:
    DjM

  8. #8
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    I believe if it's a date file then u may have to use the "Messaging Archive Viewer" tool in the Yahoo Messenger menu, from there u can see all the logs by the people's names like u said were awesomeamber03.dat, along with harely_babe, peachsncream etc etc etc. If she uninstalled the messenger then reinstall it and see if you can load the messenger archive and have it open those .dat files. If you don't wanna install it back on her machine cuz she'll say something like u put it on there then save the .dat files on a floppy (shouldn't be too big) and install the messenger on another computer and load the .dat files in the view. I know that there's an option in messenger that u can archive all the conversations you've had with people.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ok. I recreated the folder structure by using my yahoo profile and put her dat. file in there. Lo and behold it comes up in the Archived messenger thingy as a record of a conversation with probe7270. It clearly shows that the conversation took place, when each line was typed and even shows the "smileys"..... But the actual conversation comes out as trash, like it's encrypted.

    I checked probe's profile and he's a guy.... she's a girl..... I see birds and bees....<s>

    So.... I know....

    1. The names are her screen names
    2. the last folder name is the name of the person she was talking to
    3. Yahoo uses some kind of encryption on the offline files that probably uses her password.
    4. It ain't work........
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    try my advice tiger...just to see if it works...then u might actually have the convo. Not tryin to sound like a uber yahoo dude but maybe the archiver has an algorithm to read the log files and show them to u in plain text maybe? i dunno worth a shot if u wanna try and read them.
