Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP SYN probe detection tool available

From: brian () saturn net (Brian Mitchell)
Date: Wed, 15 May 1996 03:25:52 -0400

On Tue, 14 May 1996, Doug Hughes wrote:


In light of the recent revival of interest in the TCP SYN probe
that were undetected by conventional daemon means (e.g. klaxon),
I wrote a promiscuous network monitor that runs as a packet filter
and will catch any packet on the network that matches services
that are given to the program as command line arguments. So far
it runs on SunOS4.1.X (NIT) and Solaris2.X(DLPI). Individuals
interested in running it on other architectures would need to
do some porting. The DLPI code should be portable to other DLPI
implementations. On SunOS and Solaris all you have to do is type
Make. The README explains options, history, and implementation.




This is a good idea. I have also written a similar tool, although mine
logs all syn packets. It uses the libpcap interface. Should compile under
linux, freebsd, irix, sunos, solaris, etc. It is available at
http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not
included with the distribution).

Brian Mitchell                  brian () saturn net
Public key available            http://www.saturn.net/~brian/pubkey

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
Previous By Date Next
Previous By Thread Next

Current thread: