| author | Laurent Ghigonis <laurent@p1sec.com> | 2012-12-02 22:52:32 +0100 |
|---|---|---|
| committer | Laurent Ghigonis <laurent@p1sec.com> | 2012-12-02 22:52:32 +0100 |
| commit | 219a6f3c65800b71d02941302e5b31861ef2739a (patch) | |
| tree | b1b8fe4bc0e3060501f85188f35396feda624568 /gg_sniff/README.txt | |
| parent | oops, fix _gg_trackproc user (diff) | |
work in progress on gg_sniff
Diffstat (limited to 'gg_sniff/README.txt')
-rw-r--r-- | gg_sniff/README.txt | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt new file mode 100644 index 0000000..dcf42e1 --- /dev/null +++ b/gg_sniff/README.txt @@ -0,0 +1,37 @@ +gg_sniff - glouglou probe client for network activity + +WARNING: Work in progress, don't expect this to work ! + +Requirements +============ + +* libglouglou +* libpcap +* libevent2 + +Installation +============ + +git clone git@meg:glouglou +cd gg_sniff +make && sudo make install + +Usage +===== + +gg_sniff -i eth0 + +Notes on architecture and security +================================== + +gg_sniff must be run as root. It drops priviledges to user _gg_sniff and chroots +into _gg_sniff user home (/var/empty). +gg_sniff does: +* configuration, glouglou server reporting, droppriv and chroot (gg_sniff.c) +* read pcapfd to capture network traffic (pcap.c) +* async DNS resolving using evdns (dns.c) + +Note that gg_sniff activates extra protections on libpcap file descriptor, by +setting it to readonly, for now on OpenBSD only. +It does so by reimplementing some of libpcap functions, see +pcap.c my_pcap_open_live() |
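Review bot: The Installation steps do not line up with the repository layout shown on this page: `git clone git@meg:glouglou` creates a `glouglou` directory, and the README itself lives at `gg_sniff/README.txt` inside it, so the next line should read `cd glouglou/gg_sniff` rather than `cd gg_sniff`. While touching that section, the "Notes on architecture and security" paragraph should be more precise about ordering and platform coverage, since that is what a reader deploying a root-started capture daemon needs to know: say explicitly that the pcap descriptor is opened while still root and only then are privileges dropped to `_gg_sniff` and the process chrooted into `/var/empty` (the current text lists "droppriv and chroot" among gg_sniff.c's duties without stating when they happen relative to `pcap.c`), and note that the `_gg_sniff` user must already exist (add the creation step to Installation, or state that `make install` does it). The read-only protection on the libpcap descriptor is described as OpenBSD-only; the README should state what happens on other platforms (no extra protection, or a refusal to run) so the reduced guarantee is not silently assumed. Finally, "priviledges" should be "privileges", and the `WARNING` line is the right place to keep until the `git@meg:` host alias is replaced with a clonable URL.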