From owner-freebsd-security  Wed Dec  1 13:23:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id EBE0814C26; Wed,  1 Dec 1999 13:23:37 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id DDBAA1CD80F; Wed,  1 Dec 1999 13:23:37 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Wed, 1 Dec 1999 13:23:37 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Jason Hudgins <thanatos@incantations.net>
Cc: freebsd-security@freebsd.org
Subject: Re: logging a telnet session
In-Reply-To: <Pine.BSF.4.10.9912011445290.8128-100000@eddie.incantations.net>
Message-ID: <Pine.BSF.4.21.9912011322120.26230-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 1 Dec 1999, Jason Hudgins wrote:

> Setting up a second box to run a sniffer is a little extreme.  Just
> creating a modified ps would be easier.  I'm not really wanting to
> do either of those however, I just wanted something quick that i could
> throw together using already developed apps.  I haven't found a 
> packet sniffer that I really like yet.  I tried sniff, but it wasn't
> very useful, tcpdump is a little too raw.  Does anyone know of a clean &
> configurable packet sniffer?

ethereal?

The problem with using the cracked box to watch itself is kind of obvious
given that your intruder has the same level of privileges as you do. You
really want to be doing this from a safe secondary system.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message