|
Bugtraq
mailing list archives
Re: snooper watchers
From: bent () snm com (Ben Taylor)
Date: Wed, 22 Feb 1995 17:37:20 -0500 (EST)
On Wed, 22 Feb 1995, Mark Graff wrote:
Internally, we've been looking into a couple of possibilities.
I don't know whether a decision has been made as to what to do;
I do know that it's a harder problem to solve than it might
appear, because of differences in the kernel/driver interface.
That is apparent. The fact that snoop doesn't trip the promiscious
mode for ifconfig is what bothered me. A preliminary truss of snoop
showed it opening /dev/udp. The problem I'm also running into is
that lsof does not appear to work under 2.4, as some internal file
structures have changed. Someone has suggested doing some filtering
on lsof output, as a way of keeping an eye out.
There is a fellow outside of Sun who has done some good work
on this and I will contact him to see if he is in a position
to discuss it or share it.
That would greatly appreciated.
-mg-
Ben Taylor --- Chief Information Officer --- Smoke N' Mirrors, Inc.
-=-=-=-=-=-=-=- Services for Systems Integration -=-=-=-=-=-=-=-=-
bent () snm com "Where the impossible jobs get done!" (703) 318-1440
580 Herndon Pkwy, Suite 300, Herndon VA, 22070
 By Date 
By Thread
Current thread:
| 
Intro
