Wednesday, November 25, 2009

msgsnarf

Msgsnarf is a tool from the Dsniff suite: a sniffer that parses only chat messages (conversations) from popular IMs (instant messengers). Currently, msgsnarf can record selected messages from:
  • AOL Instant Messenger
  • ICQ 2000
  • IRC
  • MSN Messenger
  • Yahoo Messenger
Pre-requisite:
You are gonna need to be the man in the middle so you can see all the traffic that is going in between targeted nodes (arpspoof or ettercap can be used for this).

Example:
# msgsnarf -i eth0
or you can filter specific hosts with a tcpdump filter expression:
# msgsnarf -i eth0 host 10.0.0.2

'-i': interface to listen or sniff on (for live connections)

If you use the '-p' option in place of '-i', msgsnarf reads from a pcap capture file and parses that for conversations. This method is more for forensic purposes.
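
The man-in-the-middle position described in the prerequisite leaves a trace a defender can check for: under ARP spoofing, the gateway's IP and another host's IP resolve to the same MAC address in a victim's neighbour table. The following is an added example, not part of the original post or of dsniff; it assumes Linux `ip -4 neigh show` output, and the sample table, baseline and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches one entry of `ip -4 neigh show` output (assumed input format), e.g.
# "10.0.0.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)

def parse_neigh(text):
    """Return {(dev, ip): mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[(m["dev"], m["ip"])] = m["mac"].lower()
    return table

def find_arp_anomalies(text, baseline=None):
    """Flag MACs claimed by several IPs, and IPs whose MAC differs from baseline."""
    table = parse_neigh(text)
    by_mac = defaultdict(list)
    for (dev, ip), mac in table.items():
        by_mac[(dev, mac)].append(ip)
    findings = []
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:  # one MAC answering for several IPs on the same link
            findings.append(("shared-mac", dev, mac, tuple(sorted(ips))))
    for ip, known in sorted((baseline or {}).items()):
        for (dev, seen_ip), mac in sorted(table.items()):
            if seen_ip == ip and mac != known.lower():
                findings.append(("mac-changed", dev, mac, (ip,)))
    return findings

# Constructed sample: 10.0.0.1 is the gateway, and 10.0.0.66 shares its MAC.
SAMPLE = """\
10.0.0.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
10.0.0.2 dev eth0 lladdr 00:1b:21:11:22:33 STALE
10.0.0.66 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
10.0.0.9 dev eth0  FAILED
"""
# Constructed baseline: the gateway MAC recorded while the network was known good.
BASELINE = {"10.0.0.1": "00:50:56:de:ad:01"}

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE, BASELINE):
        print(finding)
```

A shared MAC is an indicator, not proof: a host with several IPv4 addresses on one interface also produces it, so confirm against the recorded baseline before acting.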

This is a video of me performing this attack.

Eavse dropping on an MSN convo using msgsnarf from aerokid240 on Vimeo.



Resources/good reading:
http://monkey.org/~dugsong/dsniff/faq.html
