Bugtraq
mailing list archives
Re: Packet Tracing (linux klog patch)
From: abial () WEBGIRO COM (Andrzej Bialecki)
Date: Tue, 15 Feb 2000 23:32:08 +0100
On Sat, 12 Feb 2000, Dragos Ruiu wrote:
> How to use it:
> -This patch makes the kernel log all ethernet packets to syslog.
> -The logging happens at the default level. I.e. normally on.
> -You can turn logging on and off at the console by using the Magic SysRq key
> and a number to change the logging level.
> -Put the interface into promiscuous mode: ifconfig eth0 promisc
> Notes:
> -It makes a neat hotkey sniffer when using the text console too.
> -It seems to run pretty fast. Any benchmark data welcome(-->dr () dursec com).
> -try a tail -f /var/log/messages for real time display
I was wondering... Are you sure it doesn't overrun the kernel message
buffer? I noticed that sometimes, when you produce tons of messages from
within the kernel, some of them are lost.
I would rather use a package such as NeTraMet for doing this - it also does very
nice traffic compression in the form of flows - very fast, extremely
flexible, uses standard libpcap, doesn't require kernel patching etc...
Andrzej Bialecki
// <abial () webgiro com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----
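
One way to measure the message loss raised in the reply above, as an added example that is not part of the original post or of the patch. It assumes a current Linux kernel, where each `/dev/kmsg` record carries a sequence number (this interface is newer than the kernel discussed in the thread); the sample records and their message text are constructed.

```python
import re

# /dev/kmsg record layout on current Linux kernels:
#   "<prio>,<seq>,<timestamp_usec>,<flags>[,...];<message>"
# Lines that start with a space are key=value continuation lines
# belonging to the previous record, not records of their own.
HEADER = re.compile(r"^(\d+),(\d+),(\d+),[^;]*;(.*)$")

def find_gaps(lines):
    """Return (records_seen, records_lost, gaps).

    gaps is a list of (first_missing_seq, last_missing_seq). A jump in the
    sequence number means the ring buffer wrapped before the reader caught
    up, so the records in between were overwritten and never read.
    """
    seen = lost = 0
    gaps = []
    prev = None
    for line in lines:
        if line.startswith(" "):
            continue  # continuation line of the previous record
        m = HEADER.match(line.rstrip("\n"))
        if not m:
            continue  # not a record header, ignore
        seq = int(m.group(2))
        if prev is not None and seq > prev + 1:
            gaps.append((prev + 1, seq - 1))
            lost += seq - prev - 1
        prev = seq
        seen += 1
    return seen, lost, gaps

# Constructed sample: what a slow reader might see while the kernel logs
# one line per packet. The "pkt ..." message text is hypothetical.
SAMPLE = [
    "6,1001,5140900,-;pkt eth0 len=60",
    "6,1002,5140950,-;pkt eth0 len=1514",
    " SUBSYSTEM=net",
    "6,1003,5141010,-;pkt eth0 len=60",
    "6,1250,5190400,-;pkt eth0 len=1514",
    "6,1251,5190460,-;pkt eth0 len=60",
    "6,1300,5201000,-;pkt eth0 len=98",
]

if __name__ == "__main__":
    seen, lost, gaps = find_gaps(SAMPLE)
    print(f"read {seen} records, {lost} lost")
    for first, last in gaps:
        print(f"  missing seq {first}..{last}")
```

Sequence numbers cover every kernel message, so the count is of all lost records, not only per-packet lines.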