From 219a6f3c65800b71d02941302e5b31861ef2739a Mon Sep 17 00:00:00 2001 From: Laurent Ghigonis Date: Sun, 2 Dec 2012 22:52:32 +0100 Subject: work in progress on gg_sniff --- gg_sniff/README.txt | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 gg_sniff/README.txt (limited to 'gg_sniff/README.txt') diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt new file mode 100644 index 0000000..dcf42e1 --- /dev/null +++ b/gg_sniff/README.txt @@ -0,0 +1,37 @@ +gg_sniff - glouglou probe client for network activity + +WARNING: Work in progress, don't expect this to work ! + +Requirements +============ + +* libglouglou +* libpcap +* libevent2 + +Installation +============ + +git clone git@meg:glouglou +cd gg_sniff +make && sudo make install + +Usage +===== + +gg_sniff -i eth0 + +Notes on architecture and security +================================== + +gg_sniff must be run as root. It drops priviledges to user _gg_sniff and chroots +into _gg_sniff user home (/var/empty). +gg_sniff does: +* configuration, glouglou server reporting, droppriv and chroot (gg_sniff.c) +* read pcapfd to capture network traffic (pcap.c) +* async DNS resolving using evdns (dns.c) + +Note that gg_sniff activates extra protections on libpcap file descriptor, by +setting it to readonly, for now on OpenBSD only. +It does so by reimplementing some of libpcap functions, see +pcap.c my_pcap_open_live() -- cgit v1.2.3-59-g8ed1b
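Review bot: the "Notes on architecture and security" section in the new README leaves the order of the privilege drop unstated, and the order is what makes it safe: chroot() into /var/empty must happen before the switch to _gg_sniff (setgroups() before setgid() before setuid()), otherwise the process can still escape the jail or regain root. Say so in the README, e.g. "chroots into _gg_sniff user home (/var/empty), then drops privileges (setgroups/setgid/setuid) to user _gg_sniff". The same section should also state who creates the _gg_sniff user and /var/empty, since "make && sudo make install" is the only installation step listed; and the line "setting it to readonly, for now on OpenBSD only" should name the OpenBSD mechanism my_pcap_open_live() relies on so a reader can verify the protection rather than take it on faith. Minor: "priviledges" -> "privileges", and "git clone git@meg:glouglou" points at an internal host that an outside reader cannot reach.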