[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: sniffing
From:       Jamshid Abedi <jabedi () u235 ! newyorkview ! com>
Date:       1997-01-20 19:19:10
[Download RAW message or body]


On Mon, 20 Jan 1997, Francesc Guasch wrote:

> I'm asked to monitorize what the hell an user does in his
> working time. I gotta now what he does in the http and irc ports.
> My problem is that he's in an area where there is no firewall
> so no proxy can be used.
> I guess my other alternative is sniffing. I remember a program
> called tcp-dump. I'd like anything that can run on a linux or sparc.
> any hints ?

Solaris comes standard with a tool called 'snoop'. You can also use
'sniffit' found @ http://reptile.rug.ac.be/~coder/sniffit/sniffit.html. 
Tcpdump used in combo with a HEX to ASCII translator like tcpshow would
also work really well. You could also modify a linux/solaris passwd
sniffer such as linsniff.c/solsniffer.c to listen up to a certain byte
count on the irc and http ports.


Jamshid Abedi / jabedi@newyorkview.com  
http://titanium.newyorkview.com/~jabedi/pgp.html
KeyID 1024/D17B7269

[prev in list] [next in list] [prev in thread] [next in thread]