
How would I go about writing a Linux TTY sniffer?

For educational purposes (not that anyone should care about the motivations behind such an exercise) I'd like to write a program that can read/write to/from alternate ttys/ptys. I've read papers (from the 1990s) but can't employ the implementation they use on modern Linux/glibc.

I was hoping that someone had researched into this in the past (not too far in the past), or at least, read documentation pertaining to it, that they could provide, that would enlighten me further.

I also wonder (considering the fact that Linux doesn't have streams) if this exercise must be done via a loadable kernel module [lkm].

I have many questions and probably a misunderstanding of some of the fundamental ideologies that allow such objectives to be put in place. Could someone help? :)

alienate asked Oct 14 '22 07:10



1 Answer

The linspy.c code in that Phrack article is a Linux kernel module. It won't compile against a modern kernel, because the internal kernel interfaces change frequently.

However, the basic approach it uses is sound (although it is completely missing locking required for correctness in an SMP environment), and with the application of sufficient elbow grease you should be able to port it to compile against the latest kernel.

caf answered Oct 17 '22 13:10
