Re: sniffers

Jas (matt@uts.EDU.AU)
Mon, 1 May 1995 11:04:30 +1000 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Asriel DeCatte: "Re: sniffers"
Previous message: Timothy Newsham: "Re: your mail"
In reply to: Asriel DeCatte: "Re: sniffers"
Next in thread: Mr Martin J Hargreaves: "Re: sniffers"

Asriel DeCatte wrote this...

> Look for /dev/nit (Sun's network interface tap, a device that allows
> the system direct raw access to a network) if you have a Sun. I
> don't know what the correspondents to the NIT are on other systems
> (can anyone elucidate on this topic? I'm somewhat interested, since
> my proficiencies in these matters really only reside with SunOS). If
> it's there, and you believe the system it's on may have been
> comprimised, be worried.

on Solaris boxen, the network interface is accessed through
/dev/le. the le driver is dlpi compliant, which will allow you to
access certain information from it. it also creates a STREAMS stream,
so you can push handy things like bufmod pfmod onto it..

			Matt
-- 
#!/bin/sh
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D3F204445524F42snlbxq'|dc;exit
Matthew Keenan   Systems Programmer   Information Technology Division
      University of Technology     Sydney Australia

It's nice to be in a position where people apologize because they
assume there's humor in your work, based on past experience,
but they're not sure where it is. -- Rob Pike

Next message: Asriel DeCatte: "Re: sniffers"
Previous message: Timothy Newsham: "Re: your mail"
In reply to: Asriel DeCatte: "Re: sniffers"
Next in thread: Mr Martin J Hargreaves: "Re: sniffers"