Monitoring a tty

John Ioannidis ji at ctr.columbia.edu
Tue Jan 1 05:55:18 AEST 1991


In article <12559 at life.ai.mit.edu> guest at apple-gunkies.ai.mit.edu (Guest Account) writes:
>
>Hello
>
>I'd like to ask what the best way is to monitor a tty invisibly to
>the user. Obviously cat </dev/ttyxx doesn't work, it prevents
>the commands to go to the processes.
>How would one do this?
>
>Joe

If the TTY is a hard-wired terminal (a rare breed these days), just tap
the cable (you'll actually need two terminals, one for tapping the
incoming, and one for tapping the outgoing signal). Where I worked a
few summers ago, we had an intruder coming over a modem, and we traced
what he did this way.

If the TTY is really a pty, and the user is using a shell that stays
in cooked mode (sh, csh, ksh with the -[eg]macs option left unset), then
you can peek into the contents of the "canonical queue" by reading
/dev/kmem. I have a program that does that if you want. If it's in raw
mode, then you can't do it without changing anything in the kernel.

If you have STREAMS-based ttys (e.g., SunOS), then it should be easy
to write a STREAMS driver that inserts itself between two layers in
some other user's STREAMS stack and tees traffic in your direction.

/ji

In-Real-Life: John "Heldenprogrammer" Ioannidis
E-Mail-To: ji at cs.columbia.edu
V-Mail-To: +1 212 854 8120
P-Mail-To: 450 Computer Science \n Columbia University \n New York, NY 10027


