Diffstat (limited to 'gg_sniff/README.txt')
-rw-r--r-- | gg_sniff/README.txt | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt new file mode 100644 index 0000000..dcf42e1 --- /dev/null +++ b/gg_sniff/README.txt @@ -0,0 +1,37 @@ +gg_sniff - glouglou probe client for network activity + +WARNING: Work in progress, don't expect this to work ! + +Requirements +============ + +* libglouglou +* libpcap +* libevent2 + +Installation +============ + +git clone git@meg:glouglou +cd gg_sniff +make && sudo make install + +Usage +===== + +gg_sniff -i eth0 + +Notes on architecture and security +================================== + +gg_sniff must be run as root. It drops priviledges to user _gg_sniff and chroots +into _gg_sniff user home (/var/empty). +gg_sniff does: +* configuration, glouglou server reporting, droppriv and chroot (gg_sniff.c) +* read pcapfd to capture network traffic (pcap.c) +* async DNS resolving using evdns (dns.c) + +Note that gg_sniff activates extra protections on libpcap file descriptor, by +setting it to readonly, for now on OpenBSD only. +It does so by reimplementing some of libpcap functions, see +pcap.c my_pcap_open_live() |
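Review bot: in the Installation section, `git clone git@meg:glouglou` checks out a directory named `glouglou`, so the following `cd gg_sniff` will fail as written; it should read `cd glouglou/gg_sniff` (or the clone URL should point at the gg_sniff repository). The same section never tells the reader to create the `_gg_sniff` user with `/var/empty` as its home, yet the "Notes on architecture and security" section says gg_sniff drops privileges to that user and chroots into its home, so `make install` on a host without that account leaves the documented hardening inapplicable; add the user-creation step (or have the Makefile fail when the account is missing). Since the process ends up chrooted in an empty directory, the notes should also state the ordering constraint that the capture device and the resolver configuration used by the evdns code must be opened before droppriv/chroot, as nothing under `/var/empty` will be readable afterwards. Minor: "priviledges" should be "privileges", and the fd hardening paragraph should say plainly that it is OpenBSD-only because it relies on reimplemented libpcap internals in `my_pcap_open_live()`, so readers on other platforms know that protection is absent.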