Bugtraq mailing list archives
Re: snooper watchers
From: casper () fwi uva nl (Casper Dik)
Date: Thu, 23 Feb 1995 10:11:50 +0100
On Wed, 22 Feb 1995, Mark Graff wrote:Internally, we've been looking into a couple of possibilities. I don't know whether a decision has been made as to what to do; I do know that it's a harder problem to solve than it might appear, because of differences in the kernel/driver interface.That is apparent. The fact that snoop doesn't trip the promiscious mode for ifconfig is what bothered me. A preliminary truss of snoop showed it opening /dev/udp. The problem I'm also running into is that lsof does not appear to work under 2.4, as some internal file structures have changed. Someone has suggested doing some filtering on lsof output, as a way of keeping an eye out.
The kernel doesn't keep the PROMISC flag where ifconfig can easily find it in Solaris 2.x. Snoop opens /dev/udp primarily to do hostname resolution, I think. (opening /dev/udp is needed when making udp sockets) /dev/le, /dev/qe, /dev/ie and /dev/be are the devices to watch (and whatever the fddi and ATM cards use as devices) Lsof should work under 2.4, you just have to grab the latest version and recompile for 2.4. Some things changed but i got it to work alright. Casper
Current thread:
- Re: snooper watchers Mark Graff (Feb 22)
- Re: snooper watchers Casper Dik (Feb 22)
- Re: snooper watchers Ben Taylor (Feb 22)
- Re: snooper watchers Casper Dik (Feb 23)
- Re: lsof on Solaris 2.4 (was snooper watchers ) Dave Goldberg (Feb 23)
- <Possible follow-ups>
- Re: snooper watchers John Adams (Feb 23)
- Re: snooper watchers Julian Assange (Feb 23)
- Re: snooper watchers Karl Strickland (Feb 28)
- Re: snooper watchers Julian Assange (Feb 28)
- Re: snooper watchers Julian Assange (Feb 23)
- Re: snooper watchers Ben Taylor (Feb 24)
- Re: snooper watchers Charles Stephens (Feb 23)
- Re: snooper watchers mascarkp () cc3 adams edu (Feb 24)
- Re: snooper watchers Eiji Hirai (Feb 24)
- Re: snooper watchers Gene Rackow (Feb 25)