Xref: utzoo comp.unix.questions:27764 alt.unix.wizards:12
Path: utzoo!utgpu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!ji
From: ji@ctr.columbia.edu (John Ioannidis)
Newsgroups: comp.unix.questions,alt.unix.wizards
Subject: Re: Monitoring a tty
Message-ID: <1990Dec31.185518.25006@ctr.columbia.edu>
Date: 31 Dec 90 18:55:18 GMT
References: <12559@life.ai.mit.edu>
Organization: Columbia University Center for Telecommunications Research
Lines: 33

In article <12559@life.ai.mit.edu> guest@apple-gunkies.ai.mit.edu (Guest Account) writes:
>
>Hello
>
>I'd like to ask what the best way is to monitor a tty invisibly to
>the user. Obviously cat the commands to go to the processes.
>How would one do this ?
>
>Joe

If the TTY is a hard-wired terminal (a rare breed these days), just tap
the cable (you'll actually need two terminals, one for tapping the
incoming, and one for tapping the outgoing signal). Where I worked a few
summers ago, we had an intruder coming over a modem, and we traced what
he did this way.

If the TTY is really a pty, and the user is using a shell that stays
in cooked mode (sh, csh, ksh with the -[eg]macs option left unset), then
you can peek into the contents of the "canonical queue" by reading
/dev/kmem. I have a program that does that if you want. If it's in raw
mode, then you can't do it without changing anything in the kernel.

If you have STREAMS-based ttys (e.g., SunOS), then it should be easy to
write a STREAMS driver that inserts itself between two layers in some
other user's STREAMS stack and tees traffic in your direction.

/ji

In-Real-Life: John "Heldenprogrammer" Ioannidis
E-Mail-To: ji@cs.columbia.edu
V-Mail-To: +1 212 854 8120
P-Mail-To: 450 Computer Science \n Columbia University \n New York, NY 10027