Diffstat (limited to 'gg_sniff/README.txt')
1 files changed, 37 insertions, 0 deletions
diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt
new file mode 100644
index 0000000..dcf42e1
--- /dev/null
+++ b/gg_sniff/README.txt
@@ -0,0 +1,37 @@
+gg_sniff - glouglou probe client for network activity
+WARNING: Work in progress, don't expect this to work !
+* libglouglou
+* libpcap
+* libevent2
+git clone git@meg:glouglou
+cd gg_sniff
+make && sudo make install
+gg_sniff -i eth0
+Notes on architecture and security
+gg_sniff must be run as root. It drops priviledges to user _gg_sniff and chroots
+into _gg_sniff user home (/var/empty).
+gg_sniff does:
+* configuration, glouglou server reporting, droppriv and chroot (gg_sniff.c)
+* read pcapfd to capture network traffic (pcap.c)
+* async DNS resolving using evdns (dns.c)
+Note that gg_sniff activates extra protections on libpcap file descriptor, by
+setting it to readonly, for now on OpenBSD only.
+It does so by reimplementing some of libpcap functions, see
+pcap.c my_pcap_open_live()
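Review bot: the "Notes on architecture and security" paragraph describes dropping privileges to _gg_sniff and chrooting into /var/empty, but the order matters and the README should state it: the chroot(2) call needs root, so it has to happen before setuid/setgid, and the libpcap descriptor must be opened before the chroot, since the capture device is not reachable from /var/empty. The same applies to the evdns resolver mentioned under dns.c: evdns reads /etc/resolv.conf when its base is initialised, which will fail silently once the process is inside /var/empty, so the resolver has to be set up before the chroot (or the README should say how nameservers are configured). Two smaller points: "priviledges" should read "privileges", and the sentence about "extra protections on libpcap file descriptor, by setting it to readonly" should name the actual mechanism used in my_pcap_open_live() (the ioctl or socket option, and why it is OpenBSD-only) so a reader can verify the claim. Finally, the dependency list ("* libglouglou", "* libpcap", "* libevent2") and the build steps ("git clone git@meg:glouglou" ... "gg_sniff -i eth0") have no headings separating them from the title line; adding "Dependencies" and "Build and run" lines in the same plain-text style as "Notes on architecture and security" would make the file readable, and the clone URL points at an internal host ("meg") that external users cannot reach.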