[13864] in bugtraq


Re: Packet Tracing (linux klog patch)

daemon@ATHENA.MIT.EDU (Andrzej Bialecki)
Thu Feb 17 01:39:09 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.20.0002152327130.61203-100000@mx.webgiro.com>
Date:         Tue, 15 Feb 2000 23:32:08 +0100
Reply-To: Andrzej Bialecki <abial@WEBGIRO.COM>
From: Andrzej Bialecki <abial@WEBGIRO.COM>
X-To:         Dragos Ruiu <dr@DURSEC.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <0002121952193T.02552@smp>

On Sat, 12 Feb 2000, Dragos Ruiu wrote:

> How to use it:
> -This patch makes the kernel log all ethernet packets to syslog.
> -The logging happens at the default level.  I.e. normally on.
> -You can turn logging on and off at the console by using the Magic SysRq key
>  and a number to change the logging level.
> -Put the interface into promiscuous mode: ifconfig eth0 promisc
>
> Notes:
> -It makes a neat hotkey sniffer when using the text console too.
> -It seems to run pretty fast. Any benchmark data welcome(-->dr@dursec.com).
> -try a tail -f /var/log/messages for real time display

I was wondering... Are you sure it doesn't overrun the kernel message
buffer? I noticed that sometimes, when you produce tons of messages from
within the kernel, some of them are lost.

I would rather use a package such as NeTraMet for doing this - it also does very
nice traffic compression in the form of flows - very fast, extremely
flexible, uses standard libpcap, doesn't require kernel patching etc...

Andrzej Bialecki

//  <abial@webgiro.com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----
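To make the two points of this reply concrete (one syslog line per packet can overrun a fixed-size kernel message buffer and lose entries, while flow records summarise the same traffic in a handful of lines), here is an added Python example. It is not part of the original thread, not the klog patch and not NeTraMet's code. The Ethernet/IPv4 frames, MAC and IP addresses, and buffer sizes are constructed for the illustration, checksums are left zero, and the ring buffer is a simplified model of a kernel log buffer whose reader drains it only periodically.

```python
"""Per-packet logging into a bounded ring buffer versus 5-tuple flow aggregation.

Added illustration for the klog-patch discussion; frames are constructed here,
not captured, and the ring buffer is a model, not the Linux log_buf code.
"""
import socket
import struct
from collections import deque

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def build_frame(src_ip, dst_ip, proto, sport, dport, payload_len):
    """Build a constructed Ethernet II / IPv4 / TCP-or-UDP frame (checksums zero)."""
    dst_mac = bytes.fromhex("00005e000101")  # constructed addresses
    src_mac = bytes.fromhex("00005e000102")
    if proto == PROTO_TCP:  # 20-byte TCP header: ports, seq, ack, offset, flags, win, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:                   # 8-byte UDP-style header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    total = 20 + len(l4) + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4 + b"\x00" * payload_len


def parse_frame(frame):
    """Return the (proto, src, dst, sport, dport) flow key, or None if not IPv4 TCP/UDP."""
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if (ip[0] >> 4) != 4 or ihl < 20 or len(ip) < ihl + 4:
        return None
    proto = ip[9]
    if proto not in (PROTO_TCP, PROTO_UDP):
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (proto, src, dst, sport, dport)


def aggregate_flows(frames):
    """Collapse a frame list into flow records: key -> {'packets': n, 'bytes': m}."""
    flows = {}
    for frame in frames:
        key = parse_frame(frame)
        if key is None:
            continue
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0})
        rec["packets"] += 1
        rec["bytes"] += len(frame)
    return flows


class RingLog:
    """Fixed-capacity message buffer; the oldest line is overwritten when full."""

    def __init__(self, capacity):
        self.buf = deque(maxlen=capacity)
        self.lost = 0

    def write(self, line):
        if len(self.buf) == self.buf.maxlen:
            self.lost += 1          # overwritten before the reader saw it
        self.buf.append(line)

    def drain(self):
        lines = list(self.buf)
        self.buf.clear()
        return lines


def simulate_per_packet_logging(frames, capacity, reader_every):
    """Log one line per frame; the reader drains the buffer every `reader_every` frames.
    Returns (lines delivered, lines lost)."""
    log = RingLog(capacity)
    delivered = []
    for i, frame in enumerate(frames, 1):
        log.write("eth0: %d bytes" % len(frame))
        if i % reader_every == 0:
            delivered.extend(log.drain())
    delivered.extend(log.drain())
    return len(delivered), log.lost


def sample_traffic():
    """Constructed traffic: one HTTP-like TCP conversation and one DNS-like UDP exchange."""
    frames = []
    for _ in range(500):
        frames.append(build_frame("10.0.0.2", "10.0.0.1", PROTO_TCP, 40000, 80, 100))
        frames.append(build_frame("10.0.0.1", "10.0.0.2", PROTO_TCP, 80, 40000, 1400))
    for _ in range(200):
        frames.append(build_frame("10.0.0.2", "10.0.0.53", PROTO_UDP, 51000, 53, 40))
        frames.append(build_frame("10.0.0.53", "10.0.0.2", PROTO_UDP, 53, 51000, 120))
    return frames


if __name__ == "__main__":
    traffic = sample_traffic()
    print("per-packet lines (64-slot buffer, reader every 100 frames):",
          simulate_per_packet_logging(traffic, 64, 100))
    for key, rec in aggregate_flows(traffic).items():
        print(key, rec)
```

With the reader falling behind, the per-packet simulation shows a large fraction of lines silently overwritten, which is the loss the reply asks about; the same 1400 frames reduce to four flow records, which is the compression the reply attributes to NeTraMet. A real collector would also expire flows on a timer and export them, which this sketch omits.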
