guest@apple-gunkies.ai.mit.edu (Guest Account) (12/31/90)
Hello

I'd like to ask what the best way is to monitor a tty invisibly to
the user. Obviously cat </dev/ttyxx doesn't work, it prevents
the commands to go to the processes.
How would one do this?

Joe

ji@ctr.columbia.edu (John Ioannidis) (01/01/91)
In article <12559@life.ai.mit.edu> guest@apple-gunkies.ai.mit.edu (Guest Account) writes:
>
>Hello
>
>I'd like to ask what the best way is to monitor a tty invisibly to
>the user. Obviously cat </dev/ttyxx doesn't work, it prevents
>the commands to go to the processes.
>How would one do this?
>
>Joe

If the TTY is a hard-wired terminal (a rare breed these days), just tap
the cable (you'll actually need two terminals, one for tapping the
incoming, and one for tapping the outgoing signal). Where I worked a
few summers ago, we had an intruder coming over a modem, and we traced
what he did this way.

If the TTY is really a pty, and the user is using a shell that stays
in cooked mode (sh, csh, ksh with the -[eg]macs option left unset), then
you can peek into the contents of the "canonical queue" by reading
/dev/kmem. I have a program that does that if you want. If it's in raw
mode, then you can't do it without changing anything in the kernel.

If you have STREAMS-based ttys (e.g., SunOS), then it should be easy
to write a STREAMS driver that inserts itself between two layers in
some other user's STREAMS stack and tees traffic in your direction.

/ji

In-Real-Life: John "Heldenprogrammer" Ioannidis
E-Mail-To: ji@cs.columbia.edu
V-Mail-To: +1 212 854 8120
P-Mail-To: 450 Computer Science \n Columbia University \n New York, NY 10027

harry@svnet.UUCP (Harry Skelton) (01/03/91)
ji@ctr.columbia.edu (John Ioannidis) writes:
. guest@apple-gunkies.ai.mit.edu (Guest Account) writes:
. >
. >Hello
. >
. >I'd like to ask what the best way is to monitor a tty invisibly to
. >the user. Obviously cat </dev/ttyxx doesn't work, it prevents
. >the commands to go to the processes.
. >How would one do this?
. >
. >Joe
.
. If the TTY is a hard-wired terminal (a rare breed these days), just tap
. the cable (you'll actually need two terminals, one for tapping the
. incoming, and one for tapping the outgoing signal). Where I worked a
. few summers ago, we had an intruder coming over a modem, and we traced
. what he did this way.

Just don't wire your Data Transmit line into the connection, you may end
up sending answerback information, etc and screw up the line.

.
. If the TTY is really a pty, and the user is using a shell that stays
. in cooked mode (sh, csh, ksh with the -[eg]macs option left unset), then
. you can peek into the contents of the "canonical queue" by reading
. /dev/kmem. I have a program that does that if you want. If it's in raw
. mode, then you can't do it without changing anything in the kernel.

Could you send me a copy John?

.
. If you have STREAMS-based ttys (e.g., SunOS), then it should be easy
. to write a STREAMS driver that inserts itself between two layers in
. some other user's STREAMS stack and tees traffic in your direction.

Just watch the config under AT&T's streams. (prior to 4.0)

You could just push him into a pty regardless with a pty handling program
(see recent alt.sources postings) and tee the output from the pty. I find
this easy since it works on most systems but does require you to be the SA
or have root access sometimes.

---
Harry Skelton - UniForum - Senior Systems Administrator.

src@scuzzy.in-berlin.de (Heiko Blume) (01/04/91)
harry@svnet.UUCP (Harry Skelton) writes:
>ji@ctr.columbia.edu (John Ioannidis) writes:
>. [...]
>Just don't wire your Data Transmit line into the connection, you may end
>up sending answerback information, etc and screw up the line.

the line wouldn't work at all, since the tap-terminal would hold the line
on the same level (voltage) all the time. only connect to the signal ground
and to the data line that carries the characters to the terminal (modem,
whatever) to be tapped.

--
Heiko Blume <-+-> src@scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
public source archive [HST V.42bis]:
scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
uucp scuzzy!/src/README /your/home

nmm@mcquaig.UUCP (Neil M. McQuaig) (01/17/91)
In article <12559@life.ai.mit.edu> guest@apple-gunkies.ai.mit.edu (Guest Account) writes:
>I'd like to ask what the best way is to monitor a tty invisibly to
>the user.
...
>How would one do this ?

I've never posted to this group (since I'm not a real wizard), but I did
have the same problem. I stuck together a pair of pty's with the log
input/output hook in the middle. Placing this on the login port I am
able to see what's going on. It is mainly a modification of the sources
presented in Richard Stevens' Unix Networking book.

--
Neil M. McQuaig
344 Millicent Way, Shreveport, LA 71106
VOICE: (318)868-5611 (318)861-1051
UUCP: mcquaig!nmm or uunet!mcquaig!nmm
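
The pty-with-a-logging-hook arrangement from the last post, reduced to an audit recorder for a command you launch yourself (the idea behind script(1)). This is an added example, not code from the thread or from Stevens' book; `record_session` and its parameters are hypothetical names, and the typed input is a constructed byte string standing in for a live terminal.

```python
import os
import pty
import select
import subprocess


def record_session(argv, typed=b"", idle_timeout=5.0):
    """Run argv on a new pty, feed it `typed`, and log both directions.

    Returns (to_child, from_child): the bytes written to the pty master
    (what a user would have typed) and the bytes read back from it.
    """
    master, slave = pty.openpty()
    # The child sees the slave side as its terminal, in its own session.
    child = subprocess.Popen(argv, stdin=slave, stdout=slave, stderr=slave,
                             start_new_session=True)
    os.close(slave)  # the recorder keeps only the master side
    to_child, from_child = bytearray(), bytearray()
    pending = bytes(typed)
    try:
        while True:
            readable, writable, _ = select.select(
                [master], [master] if pending else [], [], idle_timeout)
            if not readable and not writable:
                break  # nothing moved for idle_timeout seconds
            if writable:
                sent = os.write(master, pending)
                to_child += pending[:sent]  # log the keyboard -> child direction
                pending = pending[sent:]
            if readable:
                try:
                    chunk = os.read(master, 4096)
                except OSError:
                    break  # Linux raises EIO once the child has closed the slave
                if not chunk:
                    break
                from_child += chunk  # log the child -> screen direction
    finally:
        os.close(master)
        if child.poll() is None:
            child.kill()
        child.wait()
    return bytes(to_child), bytes(from_child)


if __name__ == "__main__":
    # Constructed input: one line, then ^D (EOF in cooked mode) so cat exits.
    keys, screen = record_session(["cat"], typed=b"audit-test\n\x04")
    print("typed: ", keys)
    print("screen:", screen)
```

The typed-side log holds every keystroke, including passwords entered with echo off, so a recording like this needs the same protection as the credentials it may contain.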