From owner-freebsd-questions Wed Jan 17 17:43:09 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id RAA26178 for questions-outgoing; Wed, 17 Jan 1996 17:43:09 -0800 (PST)
Received: from terra.aros.net (terra.aros.net [205.164.111.10]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA26167 for ; Wed, 17 Jan 1996 17:43:02 -0800 (PST)
Received: (from angio@localhost) by terra.aros.net (8.6.12/8.6.12) id SAA14932; Wed, 17 Jan 1996 18:42:55 -0700
From: Dave Andersen
Message-Id: <199601180142.SAA14932@terra.aros.net>
Subject: Re: ethernet packet sniffer.
To: ANDRSN@HOOVER.STANFORD.EDU (Annelise Anderson)
Date: Wed, 17 Jan 1996 18:42:55 -0700 (MST)
Cc: questions@freebsd.org
In-Reply-To: <01I04ED7J0MA00AKNQ@HOOVER.STANFORD.EDU> from "Annelise Anderson" at Jan 17, 96 03:36:53 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-questions@freebsd.org
Precedence: bulk

Lo and behold, Annelise Anderson once said:
>
> It sounds like the sys admin--or anyone with root privileges--can
> read absolutely everything going on--all e-mail in and out, all
> keyboard activity, and so forth. Is this right? Thanks
> Annelise

Completely correct. The biggest risk is that if one of the machines on
your network is compromised, you can sniff passwords in the clear across
the local ethernet. Not a pretty situation. :) Switched ethernets are
a bit better, but still not perfect.

Actually reading & interpreting all of that material is a pain in the
butt, but there are tools out there which can do it. EnGarde
(http://www.EnGarde.com/) has several tools along these lines, some free,
some commercial. ttywatcher can snoop to an extent
(ftp://coast.cs.purdue.edu/pub/tools/unix/ttywatcher/) or their commercial
IP-watcher, which can also take over a session remotely and do other neat
tricks.
(I'm not affiliated with them, I've just seen their web pages before)

   -Dave Andersen

--
angio@aros.net
Complete virtual hosting and business-oriented system administration
Internet services. (WWW, FTP, email)
http://www.aros.net/
http://www.aros.net/about/virtual/
"There are only two industries that refer to their customers as 'users'."