[1645] in bugtraq

Re: sniffers

daemon@ATHENA.MIT.EDU (Jas (Matthew K))
Sun Apr 30 23:28:03 1995

From: Jas (Matthew K) <matt@uts.EDU.AU>
To: asriel@chewy.wookie.net (Asriel DeCatte)
Date: Mon, 1 May 1995 11:04:30 +1000 (EST)
Cc: root@ee.duth.gr, bugtraq@fc.net
In-Reply-To: <199504300832.EAA31680@chewy.wookie.net> from "Asriel DeCatte" at Apr 30, 95 04:32:43 am

Asriel DeCatte wrote this...

> Look for /dev/nit (Sun's network interface tap, a device that allows
> the system direct raw access to a network) if you have a Sun. I
> don't know what the correspondents to the NIT are on other systems
> (can anyone elucidate on this topic? I'm somewhat interested, since
> my proficiencies in these matters really only reside with SunOS). If
> it's there, and you believe the system it's on may have been
> compromised, be worried.

on Solaris boxen, the network interface is accessed through
/dev/le. the le driver is dlpi compliant, which will allow you to
access certain information from it. it also creates a STREAMS stream,
so you can push handy things like bufmod and pfmod onto it..

			Matt
-- 
#!/bin/sh
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D3F204445524F42snlbxq'|dc;exit
Matthew Keenan   Systems Programmer   Information Technology Division
      University of Technology     Sydney Australia

It's nice to be in a position where people apologize because they
assume there's humor in your work, based on past experience,
but they're not sure where it is. -- Rob Pike