Bugtraq mailing list archives
Re: snooper watchers
From: casper () fwi uva nl (Casper Dik)
Date: Wed, 22 Feb 1995 22:53:21 +0100
I'm doing some work for a client who has had some suggestions that they run a program to watch the state of ifconfig, and send mail if the interface ever goes promiscuous. This works just fine under SunOS 4.x, however, their concern is that this does not appear to work for Solaris 2.x. I have noticed that snoop in promiscuous mode does not affect the status from ifconfig, so the current method for looking for a promiscuous interface won't do them any good. I'll be looking into this, but I figured I'd ask here to see if anyone has done something like this. (I haven't seen a snooper for 2.x like the SunOS one, but with tools like snoop, I assume that one is in the works someplace.)
What works under Solaris 2.x is using lsof on the network pseudo devices. It will show you all the snoopers, but not whether the interface is promiscuous or not. The same method also works under SunOS 4.1.x. BTW, snoopers for Solaris 2.x do exist and are out there.

Casper
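The check described in the reply above, as an added example that is not part of the original message or thread: a filter that reads lsof field output (`lsof -F pcn`) and reports each process holding a network pseudo device open. The device paths (`/dev/nit` for SunOS 4.x, `/dev/le` and `/dev/ie` for Solaris 2.x), the `->module` suffix handling, the function names and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report processes that hold a network pseudo device open.
# Input is lsof field output (lsof -F pcn): one field per line, prefixed by
# p (pid), c (command), f (file descriptor) or n (file name).

# Assumed device paths; adjust to the interfaces present on the host.
SNOOP_DEVICES='/dev/nit /dev/le /dev/ie'

# find_snoopers [device-list]: reads lsof -F pcn output on stdin and
# prints one "pid command device" line per process/device pair.
find_snoopers() {
    awk -v devs="${1:-$SNOOP_DEVICES}" '
        BEGIN { n = split(devs, d, " "); for (i = 1; i <= n; i++) watch[d[i]] = 1 }
        /^p/ { pid = substr($0, 2); cmd = "?"; next }   # new process set
        /^c/ { cmd = substr($0, 2); next }
        /^n/ {
            dev = substr($0, 2)
            sub(/->.*$/, "", dev)   # assumed: drop a STREAMS module chain suffix
            if ((dev in watch) && !((pid, dev) in seen)) {
                seen[pid, dev] = 1  # one line per process and device
                print pid, cmd, dev
            }
        }
    '
}

# Constructed sample input, not captured from a real host.
sample_lsof_output() {
    cat <<'EOF'
p153
csendmail
f4
n/dev/null
p2817
csnoop
f3
n/dev/le
p3302
ca.out
f5
n/dev/le
f6
n/dev/le->bufmod->le
f7
n/tmp/.x
EOF
}

sample_lsof_output | find_snoopers
```

On a live host the input would come from `lsof -F pcn` instead of the sample function. As the reply notes, the result lists who has the device open, not whether the interface is promiscuous.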