Diffstat (limited to 'gg_sniff/README.txt')
-rw-r--r--  gg_sniff/README.txt  37
1 files changed, 37 insertions, 0 deletions
diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt
new file mode 100644
index 0000000..dcf42e1
--- /dev/null
+++ b/gg_sniff/README.txt
@@ -0,0 +1,37 @@
+gg_sniff - glouglou probe client for network activity
+
+WARNING: Work in progress, don't expect this to work !
+
+Requirements
+============
+
+* libglouglou
+* libpcap
+* libevent2
+
+Installation
+============
+
+git clone git@meg:glouglou
+cd gg_sniff
+make && sudo make install
+
+Usage
+=====
+
+gg_sniff -i eth0
+
+Notes on architecture and security
+==================================
+
+gg_sniff must be run as root. It drops priviledges to user _gg_sniff and chroots
+into _gg_sniff user home (/var/empty).
+gg_sniff does:
+* configuration, glouglou server reporting, droppriv and chroot (gg_sniff.c)
+* read pcapfd to capture network traffic (pcap.c)
+* async DNS resolving using evdns (dns.c)
+
+Note that gg_sniff activates extra protections on libpcap file descriptor, by
+setting it to readonly, for now on OpenBSD only.
+It does so by reimplementing some of libpcap functions, see
+pcap.c my_pcap_open_live()
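Review bot: The "Notes on architecture and security" section states that gg_sniff drops privileges to user _gg_sniff and chroots into /var/empty, but the Installation section never says that this user (and its home directory) must exist, nor whether `make && sudo make install` creates it; add a line such as "create the _gg_sniff user with home /var/empty before running" or make the install target do it, otherwise the privilege drop will fail at first run. Also, the clone line `git clone git@meg:glouglou` uses a host alias that only resolves inside the author's environment; replace it with a URL readers can reach. Minor: "priviledges" should be "privileges", and "don't expect this to work !" has a stray space before the exclamation mark.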