path: root/gg_sniff/README.txt
gg_sniff - glouglou probe client for network activity

WARNING: Work in progress, don't expect this to work!

Requirements
============

* libglouglou
* libpcap
* libevent2

Installation
============

git clone git@meg:glouglou
cd gg_sniff
make && sudo make install

Usage
=====

gg_sniff -i eth0

Notes on architecture and security
==================================

gg_sniff must be run as root, because opening the capture device requires it.
Once the capture is set up it drops privileges to the unprivileged user
_gg_sniff and chroots into that user's home directory (/var/empty).
gg_sniff does:
* configuration, glouglou server reporting, privilege drop (droppriv) and chroot (gg_sniff.c)
* read the pcap file descriptor to capture network traffic (pcap.c)
* async DNS resolving using evdns (dns.c)

Note that gg_sniff activates an extra protection on the libpcap file
descriptor: once the capture is opened, the descriptor is set read-only, so
that a compromised gg_sniff process cannot write to (inject packets through)
the capture device. For now this is done on OpenBSD only.
It does so by reimplementing some of libpcap's functions; see
my_pcap_open_live() in pcap.c.
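The order of operations in the privilege drop described above matters: the
capture descriptor and the password database must be read while still root,
the chroot must happen before the uid change (chroot() itself needs root), the
group ids must be changed before the uid (afterwards setgid() would fail), and
the process should refuse to continue if root can still be regained. The
following is an added example written for this README in portable POSIX C; it
is not gg_sniff's own code, and the names drop_privileges(),
privileges_are_dropped() and the DROP_* status codes are this example's own.
It assumes the user and jail directory of the README (_gg_sniff, /var/empty).

```c
/*
 * Added example, not gg_sniff's code: the drop-privileges + chroot sequence
 * the README describes, in portable POSIX C. Function names and DROP_* codes
 * are assumptions made for this example. Anything that needs root (opening
 * the capture device, reading the password database) must happen first.
 */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

enum drop_status {
    DROP_OK = 0,
    DROP_ERR_NOUSER,   /* target user does not exist in the passwd database */
    DROP_ERR_CHROOT,   /* chroot() or chdir("/") failed */
    DROP_ERR_SETGID,   /* could not clear supplementary groups / set gid */
    DROP_ERR_SETUID,   /* could not set uid */
    DROP_ERR_REGAIN    /* root could still be regained: refuse to run */
};

/* Returns 1 when the process runs as uid/gid and cannot get root back. */
int privileges_are_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    /* If either call succeeds, a saved id still holds root. */
    if (setuid(0) == 0 || setgid(0) == 0)
        return 0;
    return 1;
}

/*
 * Resolve the user while /etc/passwd is still reachable, chroot while still
 * root, then drop groups before the uid, and verify the drop is permanent.
 */
int drop_privileges(const char *user, const char *jail)
{
    struct passwd *pw = getpwnam(user);   /* inside the jail this would fail */
    if (pw == NULL)
        return DROP_ERR_NOUSER;
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* chdir("/") so the working directory is inside the new root */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return DROP_ERR_CHROOT;

    /* Groups first: once the uid is unprivileged these calls are refused. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0)
        return DROP_ERR_SETGID;
    if (setuid(uid) != 0)
        return DROP_ERR_SETUID;

    if (!privileges_are_dropped(uid, gid))
        return DROP_ERR_REGAIN;
    return DROP_OK;
}

int main(void)
{
    /* In a real daemon the capture descriptor is opened before this call. */
    int rc = drop_privileges("_gg_sniff", "/var/empty");
    if (rc != DROP_OK) {
        fprintf(stderr, "drop_privileges failed (code %d): %s\n",
                rc, errno ? strerror(errno) : "check failed");
        return 1;
    }
    printf("running as uid %u in a chroot, root cannot be regained\n",
           (unsigned)getuid());
    return 0;
}
```

Run as root on a host where the _gg_sniff account exists; run as an ordinary
user it stops at the chroot step, and with an unknown user it stops at the
lookup, which is what the status codes are for.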