Identifying Google Talk packets

Instant messaging and online chat are the earliest forms of online social networking, and they remain popular channels through which people exchange information and socialize over the Internet, even alongside today's diverse modern social networks such as MySpace and Facebook. This is especially the case for younger generations, who communicate with each other by text message much more often than by phone call or email. The lightweight, type-and-send-in-real-time style of communication is the main reason online chat (or instant messaging) is favored. However, as with other, more sophisticated social networks, online chat can be used by perpetrators or even pedophiles to make an initial approach to innocent online users, who in many situations are children, which may lead to a dangerous crime. Therefore, in some cases, investigating a victim's online chat history may play an important role in identifying potential suspects. In this paper we study this problem from a technical perspective and seek systematic approaches to retrieving users' online chat records from general Internet traces. Specifically, we conduct a preliminary study on identifying different types of Google Talk messages, Google Talk being one of the most popular online chat applications, by using Wireshark (or Ethereal). We describe in detail the pattern of each type of online chat message and present the corresponding process for identifying the messages. Our experiments show that unencrypted Google Talk chat messages can be easily identified. This study is a first step toward research that provides simple tools to facilitate online message investigations in the future.