tsnif - terminal sniffer/logger/replayer
-------------------------------------------------------------------------

The tsnif project allows you to trace, store and replay data of any
terminal in the system (virtual, serial, pseudo terminals).

Due to the way the terminal works, such a terminal trace provides
complete information of what happened on the terminal screen.
The tsnif project makes it possible to display (in real time) or replay
(from the trace log) this information.

The tsnif project consists of
  - a kernel patch adding the possibility to get the terminal data
  - user space utilities that process terminal data
      'tsnif'         - real time display
      'tsnifd'        - terminal tracer daemon (TBD)
      'tsnif-replay'  - replayer of the terminal data

The use of e.g. pseudo terminals in applications like ssh/telnet/X
terminals makes the tsnif project quite attractive. It could obviously
be used for various purposes. One of the most sane uses could be ssh
access session monitoring of some guarded server. Any action on such a
server through ssh is then documented and could be replayed.


Installation
-------------------------------------------------------------------------

As this is an early stage of the project, the build should be as easy as:

    autoconf
    ./configure
    make


Documentation
-------------------------------------------------------------------------

nope... source ;) should not be that bad...


Usage
-------------------------------------------------------------------------

  - capture the live pty terminal with index 0 (tty command output):
      tsnif -t pty -i 0

  - plus storing the trace to a file:
      tsnif -t pty -i 0 -s krava.tsnif

  - replaying the file:
      tsnif-replay -f krava.tsnif

  - running the daemon (storing trace files under /var/log/tsnifd):
      tsnifd


Author
-------------------------------------------------------------------------

This package is Copyright (C) 2010 Jiri Olsa, and is being distributed
under the terms of the GPLv3 license.

You can contact me by email at jolsa@redhat.com

The tsnif homepage is http://people.redhat.com/jolsa/tsnif