Date: Thu, 9 Aug 2001 23:06:51 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Wing Tim <twchim1@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Snoop configuration
Message-ID: <Pine.BSF.4.21.0108092257190.33792-100000@ren.sasknow.com>
In-Reply-To: <F212YFkuutSgcOrBLSA00004b8e@hotmail.com>
Wing Tim wrote to ryan@sasknow.com:

> Hi, Ryan,
>
> My computer that has FreeBSD installed has 2 ethernet cards - one
> connects to the Internet and the other connects to a WaveLAN
> transmitter. Can I treat this WaveLAN transmitter as a tty and
> snoop the data onto it?

No. snp(4) devices are especially designed for watching ttys. If you
want to monitor raw network traffic, tcpdump(1) is what you want. (I
believe that was suggested earlier in this thread, but, for some reason,
it seemed like you wanted to watch ttys).

Running tcpdump(1) puts the specified network interface into promiscuous
mode, which allows the kernel to grab the transmitted packets.
tcpdump(1) has several options to control, filter, and format its
output, but, the basic syntax of it is:

tcpdump -i eth0

Where "eth0" is the device name of your network interface card. Run
ifconfig -a to get the device names of your network cards if you aren't
sure.

You will want to read the man page for tcpdump to fine tune it to output
the data that you want. Myself, and others on this list can probably
help you to control the output of tcpdump, if we know exactly what you
need displayed.

So, again, in short...

If you want to watch terminals, to see what shell users are doing on
your machine (this has plenty of uses.. technical support,
troubleshooting, monitoring), then you want to use snp(4) and watch(8).

If, on the other hand, you want to monitor network traffic (identifying
network attacks, verifying firewall functionality, troubleshooting
network services, looking at physical packet flow, etc), then tcpdump(1)
is the answer.

> Thanks!
>
> Regards,
> Wing
>
> >From: Ryan Thompson <ryan@sasknow.com>
> >To: Wing Tim <twchim1@hotmail.com>
> >CC: alex@big-blue.net, bwatts@corp.netcom.ca, freebsd-questions@FreeBSD.ORG
> >Subject: Re: Snoop configuration
> >Date: Thu, 9 Aug 2001 21:54:43 -0600 (CST)
> >
> >Wing Tim wrote to alex@big-blue.net:
> >
> > > Hi,
> > > Thank you very much!
> > > The snoop has started in my machine.
> > > After typing "sh MAKEDEV snp0", it asked me to enter a device name, what
> > > should I input? I input "snp0" but the error "watch: fatal: cannot attach to
> > > tty" occurs. What does that "device name" mean actually? Is that the device
> > > that buffers data?
> > > By the way, according to my understanding, snoop protocol is something
> > > that buffers data in a certain device. Does snoop in FreeBSD have a similar
> > > function?
> >
> >Hi Wing,
> >
> >Now that you've got the devices created, you need to tell watch(8) which
> >tty you want to snoop on. It helps if you run the command "who" (or
> >"finger", or "w" if you prefer), to see who is on-line, and on which ttys.
> >
> >root# who
> >root     ttyv0    Aug  8 12:03
> >ryan     ttyv1    Aug  8 10:09
> >ryan     ttyv3    Jul 27 10:41
> >darren   ttyp0    Aug  7 13:31
> >wayne    ttyp1    Aug  5 17:43
> >
> >If you want to snoop on darren, who is logged on to "ttyp0", just enter
> >"ttyp0" as the device to snoop in watch(8):
> >
> >root# watch ttyp0
> >
> > > Thanks!
> > > Regards,
> > > Wing
> >
> >--
> >  Ryan Thompson <ryan@sasknow.com>
> >  Network Administrator, Accounts
> >
> >  SaskNow Technologies - http://www.sasknow.com
> >  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
> >
> >        Tel: 306-664-3600   Fax: 306-664-1161  Saskatoon
> >  Toll-Free: 877-727-5669     (877-SASKNOW)     North America
>

--
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161  Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
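The two procedures in this message (find a user's tty with who(1) and hand that name to watch(8); point tcpdump(1) at an interface name rather than a /dev path) as an added shell example. This is not code from the original thread or from Ryan. It assumes a FreeBSD-style host with who(1), watch(8) and tcpdump(1); the interface names wi0/fxp0, the output paths and the who(1) sample are constructed for illustration. The functions only build the command lines (you would run the results as root), so the script itself runs anywhere.

```shell
#!/bin/sh
# Added example; not part of the original thread. Interface names (wi0,
# fxp0), output paths and the who(1) sample below are assumptions. The
# functions build command lines for watch(8) and tcpdump(1) but never
# execute them, so nothing here attaches to a tty or opens an interface.

# Constructed sample of who(1) output, laid out like the one in the thread.
WHO_SAMPLE='root     ttyv0    Aug  8 12:03
ryan     ttyv1    Aug  8 10:09
ryan     ttyv3    Jul 27 10:41
darren   ttyp0    Aug  7 13:31
wayne    ttyp1    Aug  5 17:43'

# Print every tty a user is logged in on, reading who(1) output from stdin.
# Usage: who | ttys_for_user darren
ttys_for_user() {
    awk -v u="$1" '$1 == u { print $2 }'
}

# Build the watch(8) command for a user's first tty, or fail when the user
# has no login session. watch(8) wants a live tty name (ttyp0, ttyv1, ...);
# feeding it something that is not a tty, such as "snp0", is what yields
# "watch: fatal: cannot attach to tty".
watch_cmd_for_user() {
    ttyname=$(ttys_for_user "$1" | head -n 1)
    [ -n "$ttyname" ] || return 1
    printf 'watch %s\n' "$ttyname"
}

# Build a tcpdump(1) command line. -i takes the interface name from
# ifconfig -a, not a /dev path; -n suppresses reverse DNS lookups so the
# sniffing host does not generate traffic of its own while you watch; -w
# saves raw packets for later analysis; an optional -p keeps the interface
# out of promiscuous mode when you only want frames addressed to this host.
# Remaining arguments are passed through as the BPF capture filter.
# Usage: tcpdump_cmd wi0 /var/tmp/wavelan.pcap [-p] [filter ...]
tcpdump_cmd() {
    iface=$1
    outfile=$2
    shift 2
    promisc=""
    if [ "$1" = "-p" ]; then
        promisc=" -p"
        shift
    fi
    cmd="tcpdump -n$promisc -i $iface -w $outfile"
    if [ $# -gt 0 ]; then
        cmd="$cmd $*"
    fi
    printf '%s\n' "$cmd"
}

# Demonstration: print the commands that would be run (nothing is executed).
printf '%s\n' "$WHO_SAMPLE" | watch_cmd_for_user darren
tcpdump_cmd wi0 /var/tmp/wavelan.pcap 'not port 22'
tcpdump_cmd wi0 /var/tmp/arp.pcap -p arp
```

With the real who(1) output piped in instead of the sample, `watch_cmd_for_user darren` prints `watch ttyp0`, the same command the message arrives at by hand. The -n in the tcpdump line matters on a monitoring box: without it, every captured address triggers a reverse lookup from the sniffer itself, which both slows the capture and announces the sniffer's presence on the network.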