[EMAIL PROTECTED] writes:
> I haven't looked at their methods, but perhaps they're looking at the TCP
> sequence numbers or port numbers the kernel of the host OS is picking?
BSD-derived kernels start TCP sequence numbers at 1 (at boot time) and
then increment this number by 64,000 ever half second. This number
wraps every, umm... 9 hours or so.
IIRC, Linux does something similar. Other monolithic kernels probably
do similar things, but if you know what the scheme is, you can glean
uptime information from this information. In the case of BSD-derived
kernels, you'd obviously have to poll every N hours, where N<9.
The only other way I can think of to glean this information would be
to poll MIB-II sysUpTime values, but it'd probably be safe to say that
most hosts running serious web-servers aren't also running SNMP
servers. So that rules this scheme out.
--kevin
--
Kevin D. Clark ([EMAIL PROTECTED]) |
Cetacean Networks, Inc. | Give me a decent UNIX
Portsmouth, N.H. (USA) | and I can move the world
[EMAIL PROTECTED] (PGP Key Available) |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
