Re: snooper watchers

[cfs () emory edu (Charles Stephens)]

On Feb 22, 10:53pm, Casper Dik (casper () fwi uva nl) wrote:
> Subject: Re: snooper watchers
>
> > I'm doing some work for a client who has had some suggestions that they
> > run a program to watch the state of ifconfig, and send mail if the
> > interface ever goes promiscuous.  This works just fine under SunOS 4.x,
> > however, their concern is that this does not appear to work for Solaris
2.x.
> > I have noticed that snoop in promiscuous mode does not affect the
> > status from ifconfig, so the current method for looking for a
> > promiscuous interface wont do them any good.  I'll be looking into
> > this, but I figured I'd ask here to see if anyone has done something
> > like this.  (I haven't seen a snooper for 2.x like the SunOS one, but with
> > tools like snoop, I assume that one is in the works someplace.)
>
>
> What works under Solaris 2.x is using lsof on the network pseudo
> devices.  It will show you all the snoopers, but not whether the
> interface is promiscuous or not.  The same method also works under
> SunOS 4.1.x.
>
> BTW, snoopers for Solaris 2.x do exist and are out there.
>
> Casper
> -- End of excerpt from Casper Dik

Like /usr/sbin/snoop?  :}

cfs



-- 
/-------------------\  Charles "Cyber-Buddah" Stephens
| HELLO, my name is |  UNIX Systems Administrator
|-------------------|  Network Systems/Open Systems Group,
|  cfs () emory edu    |  Information Technology Division,
| Charles Stephens  |  Emory University, Atlanta, Georgia, USA
|                   |  "You shall soon achieve perfection."  -Fortune Cookie
\-------------------/     http://userwww.service.emory.edu/~cfs