[1060] in bugtraq
Re: snooper watchers
daemon@ATHENA.MIT.EDU (Charles Stephens)
Thu Feb 23 20:01:30 1995
From: "Charles Stephens" <cfs@emory.edu>
Date: Thu, 23 Feb 1995 19:04:16 -0500
In-Reply-To: Casper Dik <casper@fwi.uva.nl>
"Re: snooper watchers" (Feb 22, 10:53pm)
To: bugtraq@fc.net
On Feb 22, 10:53pm, Casper Dik (casper@fwi.uva.nl) wrote:
> Subject: Re: snooper watchers
>
> > I'm doing some work for a client who has had some suggestions that they
> > run a program to watch the state of ifconfig, and send mail if the
> > interface ever goes promiscuous. This works just fine under SunOS 4.x,
> > however, their concern is that this does not appear to work for Solaris
2.x.
> > I have noticed that snoop in promiscuous mode does not affect the
> > status from ifconfig, so the current method for looking for a
> > promiscuous interface wont do them any good. I'll be looking into
> > this, but I figured I'd ask here to see if anyone has done something
> > like this. (I haven't seen a snooper for 2.x like the SunOS one, but with
> > tools like snoop, I assume that one is in the works someplace.)
>
>
> What works under Solaris 2.x is using lsof on the network pseudo
> devices. It will show you all the snoopers, but not whether the
> interface is promiscuous or not. The same method also works under
> SunOS 4.1.x.
>
> BTW, snoopers for Solaris 2.x do exist and are out there.
>
> Casper
>-- End of excerpt from Casper Dik
Like /usr/sbin/snoop? :}
cfs
--
/-------------------\ Charles "Cyber-Buddah" Stephens
| HELLO, my name is | UNIX Systems Administrator
|-------------------| Network Systems/Open Systems Group,
| cfs@emory.edu | Information Technology Division,
| Charles Stephens | Emory University, Atlanta, Georgia, USA
| | "You shall soon achieve perfection." -Fortune Cookie
\-------------------/ http://userwww.service.emory.edu/~cfs
