From owner-freebsd-questions@FreeBSD.ORG Wed Aug 29 12:07:38 2007
Message-ID: <46D56173.9060604@gmail.com>
Date: Wed, 29 Aug 2007 16:07:15 +0400
From: Edward <edward.polinsky@gmail.com>
Reply-To: edward.polinsky@gmail.com
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
To: freebsd-questions@freebsd.org
Subject: Re: tcpdump & process information
References: <46D40E9D.1040809@gmail.com> <003f01c7e981$3ecace80$81078c92@PC1510> <46D43CAF.4030205@gmail.com> <20070828152830.GB1338@darklight.org.ru>
In-Reply-To: <20070828152830.GB1338@darklight.org.ru>
List-Id: User questions

Yuri Pankov writes:
> On Tue, Aug 28, 2007 at 07:18:07PM +0400, Edward wrote:
>
>> Ilias Sachpazidis writes:
>>
>>> Hi, try ettercap. <http://ettercap.sourceforge.net/>
>>>
>>> -IS
>>>
>>> ---------------------------------------------------
>>> Fraunhofer IGD
>>> Department Cognitive Computing & Medical Imaging
>>>
>>> Ilias Sachpazidis        phone: +49/(0)/6151/155 507
>>> Fraunhoferstr. 5         fax:   +49/(0)/6151/155 480
>>> D-64283 Darmstadt        Ilias.Sachpazidis@igd.fhg.de
>>> Germany                  http://www.igd.fhg.de/~isachpaz
>>> ---------------------------------------------------
>>>
>>> -----Original Message-----
>>> From: owner-freebsd-questions@freebsd.org
>>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Edward
>>> Sent: Tuesday, 28 August 2007 14:02
>>> To: freebsd-questions@freebsd.org
>>> Subject: tcpdump & process information
>>>
>>> Hi there!
>>>
>>> Is there a utility that works like the usual tcpdump but with a
>>> process-information option?
>>> (or something like continually running `sockstat -46` or `fstat | grep
>>> internet` or `lsof -i4 -i6`, etc.)
>>> i.e. I want to see which process generates network traffic, to trace
>>> some suspicious activity.
>>> It would be great if this program could also log everything it
>>> captures.
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to
>>> "freebsd-questions-unsubscribe@freebsd.org"
>>>
>>>
>> I saw its dependency list...
>> http://www.freebsd.org/cgi/ports.cgi?query=ettercap&stype=all
>> It requires X and so on :( Therefore it's impossible to run it on most
>> servers.
>>
>
> You can disable building the GTK2 frontend by passing WITHOUT_GTK=yes to make (or
> unchecking the GTK option in the 'make config' dialog).
>
> E.g.
> [/usr/ports/net-mgmt/ettercap]> make WITHOUT_GTK=yes all-depends-list
> /usr/ports/net/libnet
> /usr/ports/devel/pcre
> /usr/ports/converters/libiconv
> /usr/ports/devel/libltdl15
> /usr/ports/devel/libtool15
>
>
> HTH,
> Yuri
>
>
Sorry, but I can't see any process information in ettercap's output.
And ettercap is a really dangerous program (of course it requires root privileges, but if my machine is compromised it can make the attacker's life a bit easier).
Any alternatives to ettercap?
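The polling approach the original question sketches (continually running `sockstat -46` and logging what it shows) written out as a script. This is an added example for this thread, not code from the thread, from ettercap or from the FreeBSD base system; the script name sockwatch.sh, the log path /var/log/sockwatch.log, the 2-second default interval and the SOCKWATCH_RUN switch are assumptions. It assumes the column layout of FreeBSD's sockstat(1): USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS.

```shell
#!/bin/sh
# sockwatch.sh: poll sockstat(1) and log every newly appearing IPv4/IPv6
# socket together with the user, command and PID that own it.
# Added example for this thread; not a FreeBSD tool. Script name, log path,
# interval and the SOCKWATCH_RUN switch are assumptions.
#
# Assumed sockstat -46 layout (FreeBSD):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# The FD column is dropped on purpose: a process that reopens the same
# socket on another descriptor is not a new connection worth logging.

# Read one sockstat snapshot on stdin and emit "user command pid proto
# local foreign", one per line, sorted in the C locale so comm(1) can
# compare two snapshots.
normalize_snapshot() {
    awk 'NR > 1 && NF >= 7 { print $1, $2, $3, $5, $6, $7 }' | LC_ALL=C sort -u
}

# Print the lines present in the new snapshot ($2) but absent from the old
# one ($1); both files must come from normalize_snapshot.
new_sockets() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Poll forever, appending each newly seen socket with a timestamp to the log.
poll_loop() {
    interval=${1:-2}
    log=${2:-/var/log/sockwatch.log}
    old=$(mktemp) || exit 1
    new=$(mktemp) || exit 1
    trap 'rm -f "$old" "$new"' EXIT INT TERM

    sockstat -46 | normalize_snapshot > "$old"
    while :; do
        sleep "$interval"
        sockstat -46 | normalize_snapshot > "$new"
        new_sockets "$old" "$new" | while IFS= read -r entry; do
            printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$entry" >> "$log"
        done
        cp "$new" "$old"
    done
}

# Only start polling when explicitly asked (SOCKWATCH_RUN=1 ./sockwatch.sh
# [interval] [logfile]); otherwise the functions can be sourced and exercised
# on saved sockstat output on a machine without sockstat.
if [ "${SOCKWATCH_RUN:-0}" = 1 ]; then
    poll_loop "$@"
fi
```

Run it as root (sockstat only reports other users' sockets to root) with `SOCKWATCH_RUN=1 ./sockwatch.sh 2 /var/log/sockwatch.log`. Two caveats a practitioner should keep in mind: a connection that opens and closes between two polls is never seen, so pair the log with a packet capture (tcpdump -w) if you need the traffic itself, and the script only uses base-system tools, so it does not leave a packet-injection tool such as ettercap on the box for an attacker to reuse.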