Bugtraq mailing list archives

Re: snooper watchers


From: Mark.Graff () Eng Sun COM ( Mark Graff )
Date: Wed, 22 Feb 1995 11:07:27 -0800


Ben,

You're right, the old method won't work under Solaris 2.x and a
replacement is (sort of) in the works. That is, I've heard of
efforts both inside and outside of Sun, but no definite plan yet.

Internally, we've been looking into a couple of possibilities.
I don't know whether a decision has been made as to what to do;
I do know that it's a harder problem to solve than it might
appear, because of differences in the kernel/driver interface.

There is a fellow outside of Sun who has done some good work
on this and I will contact him to see if he is in a position
to discuss it or share it.

-mg-


 From owner-bugtraq () fc net  Wed Feb 22 10:50:28 1995
 Date: Wed, 22 Feb 1995 12:35:55 -0500 (EST)
 To: bugtraq () fc net
 Subject: snooper watchers
 Precedence: bulk
 
 
 I'm doing some work for a client who has had some suggestions that they
 run a program to watch the state of ifconfig, and send mail if the
 interface ever goes promiscuous.  This works just fine under SunOS 4.x,
 however, their concern is that this does not appear to work for Solaris 2.x.
 I have noticed that snoop in promiscuous mode does not affect the 
 status from ifconfig, so the current method for looking for a 
 promiscuous interface won't do them any good.  I'll be looking into
 this, but I figured I'd ask here to see if anyone has done something
 like this.  (I haven't seen a snooper for 2.x like the SunOS one, but with
 tools like snoop, I assume that one is in the works someplace.)
 
 
 Thanks,
 Ben
 --
 Ben Taylor --- Chief Information Officer --- Smoke N' Mirrors, Inc.
 -=-=-=-=-=-=-=-  Services for Systems Integration -=-=-=-=-=-=-=-=-
 bent () snm com  "Where the impossible jobs get done!"  (703) 318-1440
            580 Herndon Pkwy, Suite 300, Herndon VA, 22070
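
The ifconfig-watching method discussed in this thread, as an added example that is not part of either message: it parses `ifconfig -a` text for the PROMISC flag and reports only interfaces that have newly gone promiscuous. The sample output, interface names and function names are constructed for illustration; as the thread notes, snoop on Solaris 2.x does not change the ifconfig status, so this check stays silent there.

```shell
#!/bin/sh
# Constructed SunOS 4.x-style `ifconfig -a` output (not captured from a host).
SAMPLE_BEFORE='le0: flags=63<UP,BROADCAST,NOTRAILERS,RUNNING>
    inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
lo0: flags=49<UP,LOOPBACK,RUNNING>
    inet 127.0.0.1 netmask ff000000'

SAMPLE_AFTER='le0: flags=163<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC>
    inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
lo0: flags=49<UP,LOOPBACK,RUNNING>
    inet 127.0.0.1 netmask ff000000'

# promisc_ifaces: read ifconfig output on stdin and print, on one line,
# the names of interfaces whose flag list contains PROMISC.
promisc_ifaces() {
    awk '
        /^[^ \t][^ \t]*: flags=/ {
            name = $1; sub(/:$/, "", name)
            flags = $0
            sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
            n = split(flags, f, ",")
            for (i = 1; i <= n; i++)
                if (f[i] == "PROMISC") out = out (out == "" ? "" : " ") name
        }
        END { print out }
    '
}

# newly_promisc PREV CUR: print interfaces listed in CUR but not in PREV,
# so an alert fires on the transition rather than on every poll.
newly_promisc() {
    new=""
    for i in $2; do
        case " $1 " in
            *" $i "*) ;;
            *) new="${new:+$new }$i" ;;
        esac
    done
    echo "$new"
}

# Demo on the constructed samples; a real watcher would read `ifconfig -a`
# on each poll and pipe the alert line to mail instead of echoing it.
prev=$(printf '%s\n' "$SAMPLE_BEFORE" | promisc_ifaces)
cur=$(printf '%s\n' "$SAMPLE_AFTER" | promisc_ifaces)
changed=$(newly_promisc "$prev" "$cur")
if [ -n "$changed" ]; then echo "ALERT: promiscuous mode on: $changed"; fi
```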


