From owner-freebsd-questions Fri Dec 4 04:05:30 1998
Date: Fri, 4 Dec 1998 12:31:53 +0100 (CET)
From: Riccardo Veraldi
To: Doug White
cc: jm7996@devrycols.edu, Roman Katsnelson, Ben Smithurst, "q's"
Subject: my sniffer -> interesting for PORTS ?
Sender: owner-freebsd-questions@FreeBSD.ORG

I resolved the problem of the sniffer.
I just took the linuxniffer.c program and modified it.
Now I run the tcpdump and make the results of raw data packets go to
standard output. Then my sniffer program reads the output of tcpdump and
it sniffs (on the way I set it) on ports 21 and 23, sniffing logins and
passwords and writing it into a file together with the two hosts, source
and destination.
So now I have a good sniffer, I think.
Could it be interesting as a FreeBSD specific application to sniff the
network ???
Anyone interested in it ??

Thanks

Rick

On Thu, 3 Dec 1998, Doug White wrote:

> On Thu, 3 Dec 1998, James A. Mutter wrote:
>
> > > No, I was saying that we already have a custom kernel. And it was kind
> > > of a pain to compile, and it finally works and I'd just rather not touch
> > > it. But I guess I *could* keep it around anyway. I don't know. But do I
> > > understand correctly, tcpdump doesn't need any additions to the kernel?
> > > It just needs to be setuid root?
> >
> > No - tcpdump requires that the NIC be in promiscuous mode. You need to
> > enable bpfilter in the kernel - there just isn't any way around it.
>
> [pedantic mode ON]
>
> Actually, tcpdump will be perfectly happy in normal mode; you'll only see
> broadcast packets and packets destined for the local host. See the -p
> option. That doesn't prevent other processes from putting the NIC in
> promiscuous mode, however; it just squashes the ioctl.
>
> Doug White
> Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
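
Doug White's remark in the quoted reply is that `-p` only affects tcpdump's own request, so the interface flags are where an administrator can see whether some process has put a NIC into promiscuous mode. The following is an added example, not part of the original messages: a shell function that reads FreeBSD `ifconfig -a` style output and lists the interfaces carrying the PROMISC flag. The function names and the sample interface listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): report interfaces whose
# flag list contains PROMISC, reading `ifconfig -a` style text on stdin.
set -e

promisc_ifaces() {
    awk '
        # Interface header lines start in column 0: "name: flags=8943<A,B,C> ..."
        /^[A-Za-z0-9_.]+: flags=/ {
            name = $1
            sub(/:$/, "", name)
            # Pull out the symbolic flag list between < and >.
            if (match($0, /<[^>]*>/)) {
                flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
                # Match the whole token so a longer flag name cannot alias it.
                if (index(flags, ",PROMISC,")) print name
            }
        }'
}

# Constructed sample output (documentation addresses, hypothetical NICs).
sample_ifconfig() {
    cat <<'EOF'
ed0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	ether 00:00:5e:00:53:01
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:00:5e:00:53:02
EOF
}

# Demonstration on the constructed sample.
sample_ifconfig | promisc_ifaces
```

On a live host the same function takes real output: `ifconfig -a | promisc_ifaces`.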