- AOL Instant Messenger
- ICQ 2000
- MSN messenger
- Yahoo messenger
You are gonna need to be the man in the middle so you can see all the traffic that is going in between targeted nodes (arpspoof or ettercap can be used for this).
# msgsnarf -i eth0
or you can filter specific hosts by a tcpdump filter expressionm
# msgsnarf -i eth0 host 10.0.0.2
'-i': interface to listen or sniff on (for live connections)
If you add a 'p' tag and remove the '-i', you can read from a pcap capture file and parse that for conversation. This method is more for forensics purposes.
This is a video of me performing this attack.