Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!ll-xn!ames!hc!hi!josh From: josh@hi.UUCP (Josh Siegel) Newsgroups: comp.unix.xenix,comp.sources.wanted,comp.unix.questions Subject: Re: tty watcher Message-ID: <15136@hi.UUCP> Date: Thu, 10-Sep-87 16:55:13 EDT Article-I.D.: hi.15136 Posted: Thu Sep 10 16:55:13 1987 Date-Received: Sat, 12-Sep-87 10:34:40 EDT References: <4263@ozdaltx.UUCP> Reply-To: josh@hi.UUCP (Josh Siegel) Organization: U. of New Mexico, Albuquerque Lines: 76 Xref: mnetor comp.unix.xenix:715 comp.sources.wanted:2193 comp.unix.questions:3995 In article <4263@ozdaltx.UUCP> root@ozdaltx.UUCP (root) writes: >A while back I'd asked if anyone has an effective tty >watcher or "spy" program, or if they had suggestion as to >how such a thing could be accomplished. Must have missed this posting... sorry. > >The most common reply was; use 'cat < /dev/ttyxx', good >idea, but the I/O gets confused and can't quite figure out >where things are supposed to go. Very true. Not a good idea. There are lots of better ways of doing this. > >Several versions of *NIX must have had a "hook" or stub in >the kernal as more than one person made mention of a 'spy' >program that effectivally let you tune in on some one elses >tty. It does exist in many forms... 1) Stealbuf - This code reads the input buffers of the user being watched and prints out everything he/she is typing. It doesn't work if they are in raw mode. I don't know who wrote it. 2) Spy - Kinda like a running ps. Fast and clean. Lets you see what commands a user is running. I don't know who wrote it. 3) eye - This is the gem of the bunch. Written for a Sun computer, it watches TCP/IP connections on the ethernet. This lets you see exactly what a user is doing... both input and output. Also, it lets you keep a transcript of the conversation. Triggers exist on it to start watching a connection when the user types "su\n" and when a connection starts up. Very useful for breaking into computer systems and watching what others are doing at any given time. I wrote this one.... > >To make a long story short, appearently it just can't be >done. Looks like MS-DOS wins this round. I am not sure what it won. Sorry... looks like Sun won again ;-) > >============================================================ >| Scotty | Adapt - Enjoy - Survive | >| ihnp4!killer!ozdaltx!sysop | "Ad Venerem Securiorem" | >============================================================ Before I get mail asking me for copies of the software, let me state my policy. I will not pass out stealbuf or eye to anybody. Stealbuf doesn't work on BSD43 and eye only works on Suns. The current version of eye is nothing but a machine cracker. I don't see a reason to pass this around. In a few weeks, I plan on posting a new version of eye that is a ethernet debugger. I never plan on posting my cracking version. -- Josh Siegel (siegel@hc.dspo.gov) Friends don't let Friends eat Cherry Zingers