Date: Tue, 28 Aug 2007 19:28:30 +0400
From: Yuri Pankov
To: Edward
Cc: freebsd-questions@freebsd.org
Subject: Re: tcpdump & process information

On Tue, Aug 28, 2007 at 07:18:07PM +0400, Edward wrote:
> Ilias Sachpazidis wrote:
>> Hi, try ettercap.
>> <http://ettercap.sourceforge.net/>
>>
>> -IS
>>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Edward
>> Sent: Tuesday, 28 August 2007 14:02
>> To: freebsd-questions@freebsd.org
>> Subject: tcpdump & process information
>>
>> Hi there!
>>
>> Is there a utility which can work as usual tcpdump but with process
>> information option?
>> (or something like continually running `sockstat -46` or `fstat | grep
>> internet` or `lsof -i4 -i6` ...etc)
>> i.e. I wanna see which process generates network traffic to trace out some
>> suspicious activity.
>> It would be great if this program would be able to log all that it'll
>> capture.
>>
> I saw its dependencies list......
> http://www.freebsd.org/cgi/ports.cgi?query=ettercap&stype=all
> it requires X and so on :( therefore it's impossible to run it on most
> servers.

You can disable building the GTK2 frontend by passing WITHOUT_GTK=yes to make
(or by unchecking the GTK option in the 'make config' dialog). E.g.:

[/usr/ports/net-mgmt/ettercap]> make WITHOUT_GTK=yes all-depends-list
/usr/ports/net/libnet
/usr/ports/devel/pcre
/usr/ports/converters/libiconv
/usr/ports/devel/libltdl15
/usr/ports/devel/libtool15

HTH,
Yuri
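
The polling idea raised in the quoted question (continually running `sockstat -46` and logging what it shows), as an added example that is not part of the original message or of any FreeBSD tool. It assumes the seven-column `sockstat -46` layout of the constructed sample below; the function names and the log line format are hypothetical.

```python
import subprocess
import time
# Constructed sample of `sockstat -46` output (not captured from a real host).
SAMPLE_BEFORE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
www      httpd      1040  4  tcp4   192.0.2.10:80         198.51.100.7:51512
"""
SAMPLE_AFTER = SAMPLE_BEFORE + """\
nobody   perl       2291  5  tcp4   192.0.2.10:49811      203.0.113.50:6667
root     ntpd       640   20 udp4   *:123                 *:*
"""

def parse_sockstat(text):
    """Return a set of (user, command, pid, proto, local, foreign) tuples."""
    socks = set()
    for line in text.splitlines():
        f = line.split()
        # Skip the header, blank lines and rows without a numeric PID.
        if len(f) < 7 or f[0] == "USER" or not f[2].isdigit():
            continue
        user, command, pid, _fd, proto, local, foreign = f[:7]
        socks.add((user, command, int(pid), proto, local, foreign))
    return socks

def new_sockets(before, after, connected_only=True):
    """Sockets present in `after` but not in `before`, sorted by PID."""
    fresh = parse_sockstat(after) - parse_sockstat(before)
    if connected_only:  # listening/unconnected sockets show "*:*" as foreign
        fresh = {s for s in fresh if s[5] != "*:*"}
    return sorted(fresh, key=lambda s: s[2])

def format_entry(s, now=None):
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(now))
    return "%s user=%s cmd=%s pid=%d %s %s -> %s" % ((stamp,) + s)

def watch(logfile, interval=1.0):
    """Poll sockstat on a FreeBSD host and append new connections to logfile."""
    prev = ""
    while True:
        cur = subprocess.run(["sockstat", "-46"], capture_output=True, text=True).stdout
        with open(logfile, "a") as log:
            for s in new_sockets(prev, cur):
                log.write(format_entry(s) + "\n")
        prev = cur
        time.sleep(interval)

if __name__ == "__main__":
    print("\n".join(format_entry(s) for s in new_sockets(SAMPLE_BEFORE, SAMPLE_AFTER)))
```

Polling only sees sockets that exist at the moment of a snapshot, so a connection that opens and closes between two polls is not logged.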