In light of the recent revival of interest in the TCP SYN probe
that were undetected by conventional daemon means (e.g. klaxon),
I wrote a promiscuous network monitor that runs as a packet filter
and will catch any packet on the network that matches services
that are given to the program as command line arguments. So far
it runs on SunOS4.1.X (NIT) and Solaris2.X(DLPI). Individuals
interested in running it on other architectures would need to
do some porting. The DLPI code should be portable to other DLPI
implementations. On SunOS and Solaris all you have to do is type
Make. The README explains options, history, and implementation.
Sample usage:
./tocsin tcpmux rje courier rmonitor link ttylink supdup
It automatically backgrounds itself (unless run in debug mode).
There is also a compile time option that will make it only match
packets to the destination network that the program is listening
on.
availability:
ftp.eng.auburn.edu:pub/doug/tocsin.tar.gz
http://www.eng.auburn.edu/users/doug/second.html
Received on May 14 1996
Intro
