Author | Frank Steinberg |
Keywords | packet capture tcpdump ethereal pcap |
Categories | Software |
From time to time users would like to capture packets/frames on the network layer, e.g. to analyze the behaviour of the programs they use or develop or to get some network layer statistics. Usually, this can be done with a packet capturing facility supplied by most operating systems, e.g. the

Since the ability to capture arbitrary packets would allow users to snoop for sensitive data, the operating system interface for packet capturing is usually limited to superuser access.

On IBR Linux hosts, however, we have a program that allows users to get packet captures with some limitations: This is a wrapper around
Notes
[ Question to all fellows: Do you think there are any serious security risks in this concept? The only one I worry about at this point in time is sensitive data in the first 42 octets of IP fragments. ]
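The concern raised in the note can be checked mechanically. The following is an added example, not part of the original page or of the IBR wrapper: it assumes untagged Ethernet II framing and a 42-octet capture limit, and reports which captured octets of an IPv4 frame lie beyond the headers. The names `exposed_payload` and `make_frame` and all sample frames are constructed for illustration.

```python
import struct

SNAPLEN = 42    # assumption: capture limit, taken from the note's "first 42 octets"
ETH_HLEN = 14   # assumption: untagged Ethernet II framing
L4_HLEN = {1: 8, 6: 20, 17: 8}  # minimum ICMP, TCP and UDP header lengths

def exposed_payload(frame: bytes, snaplen: int = SNAPLEN) -> bytes:
    """Return the captured octets of an IPv4 frame that lie beyond all headers."""
    cap = frame[:snaplen]
    if len(cap) < ETH_HLEN + 20 or cap[12:14] != b"\x08\x00":
        return b""  # not IPv4, or too short to contain an IPv4 header
    ip = cap[ETH_HLEN:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20:
        return b""  # malformed IPv4 header
    body = ip[ihl:]
    frag_off = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if frag_off > 0:
        # Non-first fragment: no transport header follows the IP header,
        # so every captured octet after it is treated as datagram content.
        return body
    proto = ip[9]
    if proto == 6 and len(body) >= 13:
        hlen = (body[12] >> 4) * 4  # TCP data offset, if it was captured
    else:
        hlen = L4_HLEN.get(proto, 0)  # unknown protocol: count everything
    return body[hlen:]

def make_frame(proto: int, flags_frag: int, l4: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4 frame (checksum left at zero)."""
    eth = bytes.fromhex("020000000001020000000002") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, flags_frag,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + l4

if __name__ == "__main__":
    data = b"constructed-sample-data"  # constructed payload
    udp_hdr = struct.pack("!HHHH", 40000, 9, 8 + len(data), 0)
    cases = {
        "UDP, unfragmented": make_frame(17, 0, udp_hdr + data),
        "UDP, first fragment (MF set)": make_frame(17, 0x2000, udp_hdr + data),
        "UDP, later fragment (offset 185)": make_frame(17, 185, data),
        "TCP, unfragmented": make_frame(6, 0, bytes(20) + data),
    }
    for name, frame in cases.items():
        print(f"{name}: {exposed_payload(frame)!r}")
```

Under these assumptions only non-first fragments expose datagram content, namely the 8 octets that follow a 20-octet IP header; IP options reduce that number.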
Technische Universität Braunschweig