Hello all,
I was interested in programs, which create a socket on my box in order to see if there are sniffers on the system. However I am not the best Kernel Hacker / Networking specialist, so comments are welcome. Subjects I am particularily interested in, are:
- is this a silly idea? why?
- is the implementation OK ?
- do I get all relevant sockets with
if (PF_INET==family || PF_PACKET==family)
- is there a better way to do the same?thanks thorsten happel
[EMAIL PROTECTED]:~$ cat linux-2.6.11.5-info-sock-create.patch --- linux-2.6.11.5/net/socket.c 2005-03-22 08:03:57.000000000 +0100 +++ linux-2.6.11.5/net/socket.c 2005-03-22 08:06:03.000000000 +0100 @@ -88,6 +88,7 @@
#include <asm/uaccess.h> #include <asm/unistd.h> +#include <asm/current.h>
#include <net/compat.h>
@@ -1185,6 +1186,9 @@
struct socket *sock; retval = sock_create(family, type, protocol, &sock);
+ if (PF_INET==family || PF_PACKET==family) \
+ printk(KERN_INFO "Socket created by:%s, PID:%d\n", \
+ current->comm, current->pid);
if (retval < 0)
goto out;
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
