Logged input to specific port?

Hi,

Anyone know how I can log all input when a user logs in to a specific port number, i.e. if a user telnets to a port, specifically telnet 0 4800

I want to log all input that the user inputs..

Is this possible??
Is the Sun Solaris forum the correct forum or should this perhaps go under some scripting forum instead?

Any help is appreciated...

You can use snoop and redirect the output to a file.
If memory serves me correctly there is a switch for snoop to send the data directly to a file also.

Hi...
Unfortunately, snoop does not seem to log all input from the user. I have tried this previously but it is not giving me all the detail I need, and also, I cannot limit this to just one port; it seems to snoop the whole interface.

Any other ideas?


You need to look at the -v or -V options and realize you would need quite a bit of disk space for all the info you would gather - also, you need to look at the from or src expressions to cut it down to the port.

You could try the command "script". Load it in the .profile....

greetings Pre�y

All,

I have a user who is let's say - abusing a service on my server.
I do not know who the user is and need to track them.

They are using a service on a specific port, but I cannot seem to trace this using any scripts/commands.

Someone recommended using the snoop command but this is not helping me..

Anyone else got any ideas?

I merged the threads.

I also think snoop is the best answer. Why is it not helping you?

The only other answers would be a sniffer, or rewrite the server to produce extensive logs.

I am snooping a port, but it isn't listed in /etc/services so I don't seem to get the input I am looking for.
I am trying to get the server logging enabled correctly but it's taking time...

I need to see what is being sent to this port and the exact input of the user..

Is this unrealistic?

What you want is trivial. You don't need to use a symbolic port name, you can use just a numeric port number.

And even if the port was required to be in /etc/services, how long would it take to add one line to a text file? Since the port is in use I would add it to /etc/services just to document that fact.

I have tried just using the port number but it doesn't work, and the same if I add it to /etc/services...

What snoop command are you using?

Try to snoop telnet. Does that work?
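
Added example, not from any poster in this thread: once snoop has written a capture file (its `-o` option, with a numeric filter such as `port 4800`), the bytes each client sent to that port can be pulled out of the file, which is the "exact input of the user" asked for above. The sketch assumes the RFC 1761 snoop file format, Ethernet framing and IPv4; the function names and the sample addresses are made up for illustration, and payloads are joined in capture order with no sequence-number reordering or retransmit removal.

```python
import socket, struct
from collections import defaultdict

SNOOP_MAGIC = b"snoop\x00\x00\x00"  # RFC 1761 file identification

def _tcp_payload(frame, port):
    """Return (src_ip, payload) for an IPv4/TCP frame sent to `port`, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack(">H", frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total_len]  # slicing to total_len drops Ethernet padding
    if len(tcp) < 20 or struct.unpack(">H", tcp[2:4])[0] != port:
        return None
    return socket.inet_ntoa(frame[26:30]), tcp[(tcp[12] >> 4) * 4:]

def client_input(capture, port):
    """Map client IP -> bytes it sent to TCP `port`, in capture order."""
    if capture[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    version, linktype = struct.unpack(">II", capture[8:16])
    if version != 2 or linktype != 4:  # 4 = Ethernet
        raise ValueError("unsupported version or datalink type")
    streams, off = defaultdict(bytes), 16
    while off + 24 <= len(capture):
        _orig, incl, rec = struct.unpack(">III", capture[off:off + 12])
        if rec < 24 + incl:
            break  # corrupt or truncated record
        hit = _tcp_payload(capture[off + 24:off + 24 + incl], port)
        if hit and hit[1]:  # skip bare ACKs and other empty segments
            streams[hit[0]] += hit[1]
        off += rec
    return dict(streams)

def sample_capture(port=4800):
    """Constructed two-packet capture (made-up addresses, zero checksums)."""
    out = SNOOP_MAGIC + struct.pack(">II", 2, 4)
    for text in (b"show ", b"users\r\n"):
        tcp = struct.pack(">HHIIBBHHH", 40000, port, 0, 0, 0x50, 0x18, 8192, 0, 0) + text
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1"))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        pad = -len(frame) % 4  # records are padded to a 4-byte boundary
        out += struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, 0, 0)
        out += frame + b"\x00" * pad
    return out

if __name__ == "__main__":
    print(client_input(sample_capture(), 4800))
```

For a telnet session the recovered bytes also include the telnet option negotiation, not only what the user typed.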