Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!stanford.edu!agate!web-1f.berkeley.edu!c60b-1eq
From: c60b-1eq@web-1f.berkeley.edu (Noam Mendelson)
Newsgroups: comp.unix.questions
Subject: Re: Fingeree wants to keep track of the fingerer
Keywords: finger monitor
Message-ID: <1991Apr8.062243.16733@agate.berkeley.edu>
Date: 8 Apr 91 06:22:43 GMT
References: <10290@hub.ucsb.edu> <1991Apr8.020222.11776@athena.mit.edu>
Sender: usenet@agate.berkeley.edu (USENET Administrator)
Organization: University of California, Berkeley
Lines: 33

In article <1991Apr8.020222.11776@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
>In article <10290@hub.ucsb.edu>, 6600hubb@ucsbuxa.ucsb.edu (Richard Hubbell) writes:
>|> 	Does unix offer a method for keeping track of each
>|> occurence of being fingered?  i.e. if someone fingers me is there
>|> a way that I can tell who it was that fingered me? 
>  Someone else has pointed out that you can monitor finger connections by
>watching TCP port 79.  This solution, however, has several drawbacks:
> ... text deleted ...
>2. Watching a TCP port that another process is already bound to is somewhat
>   difficult, and requires network monitoring that is not doable at the novice
>   level.
>3. On a Unix system, port 79 is a reserved port, and therefore only the
>   superuser can do anything with it, so you'd have to be root to do the
>   monitoring.
>  If you are not the superuser, and you want to do this anyway, and your
>system supports named pipes, and your system's fingerd has no problem with
>reading from a named pipe, then you can do this by creating a named pipe as
>your .plan file, and running a process opens the pipe, selects it for write,
>and whenever it is ready for write, figures out what process is doing the
>reading and does monitoring stuff on that process, and then sends your .plan
>file over the pipe.

That's the method I use.  And the novice can easily monitor TCP port 79
by doing a 'netstat -n | fgrep ".79 "'.  If there is a connection to port 79,
it'll show up in the listing.
If you're the super user, though, a new fingerd would be the best solution.
That would also solve the problem of having to run the monitoring program,
and would guarantee (?) to catch every finger request.

+==========================================================================+
| Noam Mendelson   ..!agate!ucbvax!web!c60b-1eq | "I haven't lost my mind, |
| c60b-1eq@web.Berkeley.EDU                     |  it's backed up on tape  |
| University of California at Berkeley          |  somewhere."             |