Bugtraq mailing list archives

Re: Packet Tracing (linux klog patch)

From: abial () WEBGIRO COM (Andrzej Bialecki)
Date: Tue, 15 Feb 2000 23:32:08 +0100


On Sat, 12 Feb 2000, Dragos Ruiu wrote:

How to use it:
-This patch makes the kernel log all ethernet packets to syslog.
-The logging happens at the default level.  I.e. normally on.
-You can turn logging on and off at the console by using the Magic SysRq key
 and a number to change the logging level.
-Put the interface into promiscuous mode: ifconfig eth0 promisc

Notes:
-It makes a neat hotkey sniffer when using the text console too.
-It seems to run pretty fast. Any benchmark data welcome(-->dr () dursec com).
-try a tail -f /var/log/messages for real time display


I was wondering... Are you sure it doesn't overrun the kernel message
buffer? I noticed that sometimes, when you produce tons of messages from
within the kernel, some of them are lost.

I would rather use package as NeTraMet for doing this - it also does very
nice traffic compression in the form of flows - very fast, extremely
flexible, uses standard libpcap, doesn't require kernel patching etc...

Andrzej Bialecki

//  <abial () webgiro com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----

Current thread:

Reminder: BOF on Distributed DoS, San Jose 2/7/00, (continued)
- - - Reminder: BOF on Distributed DoS, San Jose 2/7/00 David Kennedy CISSP (Feb 06)
    - Infosec.20000207.axis700.a Vitek, Ian (Feb 07)
    - Re: Evil Cookies. Thomas Reinke (Feb 04)
    - Re: Evil Cookies. Dylan Griffiths (Feb 07)
    - 'cross site scripting' CERT advisory and MS Eric Lecht (Feb 08)
    - Re: 'cross site scripting' CERT advisory and MS Dustin Miller (Feb 09)
    - Re: 'cross site scripting' CERT advisory and MS David LeBlanc (Feb 10)
    - Re: 'cross site scripting' CERT advisory and MS Marc Slemko (Feb 11)
    - Re: 'cross site scripting' CERT advisory and MS Rishi Lee Khan (Feb 14)
    - Packet Tracing (linux klog patch) Dragos Ruiu (Feb 12)
    - Re: Packet Tracing (linux klog patch) Andrzej Bialecki (Feb 15)
    - Re: Packet Tracing (linux klog patch) Dragos Ruiu (Feb 17)
    - Re: Packet Tracing (linux klog patch) Andrzej Bialecki (Feb 17)
    - crash windows boxes on your local network (twinge.c) sinkhole () NILL NET (Feb 10)
    - Re: crash windows boxes on your local network (twinge.c) Elias Levy (Feb 14)
    - DDOS Attack Mitigation Elias Levy (Feb 11)
    - TESO - Nameserver traffic amplify and NS route discovery Sebastian (Feb 12)
    - Re: DDOS Attack Mitigation Darren Reed (Feb 13)
    - Re: DDOS Attack Mitigation Alan Brown (Feb 14)
    - Re: DDOS Attack Mitigation Darren Reed (Feb 14)
    - NetBSD Security Advisory 1999-012 Daniel Carosone (Feb 15)

(Thread continues...)