On 04/28/2006 09:53 PM, Jeremy Sheldon wrote:
> hello, i'm writing a little program. this program attempts to monitor
> the linux system (via /proc) to discover if certain specified programs
> are running (just for the logged in user). if they are, the program
> then attempts to discover if they have any external connections.
>
> for tcp this is easy. i just use /proc and some netstat code to
> discover the remote address. however, for udp there are sometimes these
> "unconnected" connections. so, i'd like the program to sniff a few
> packets on the udp source port gathered and determine the remote IP/port.
>
> naturally, my first thought was libpcap. i whipped up a quick little
> sniffer that grabs a couple packets and BAM. it works great... as long
> as you're root. well, this program shouldn't need root access.
>
> does anyone have suggestions for either 1. how to determine the remote
> ip/port for the udp connection without using the libpcap "sniffer"
> technique?

ptrace(2) the process and trap send and sendto calls. Naturally you won't be able to do this if some other process is already ptracing the target process.

> or 2. how to use libpcap without requiring the program to run with root
> privileges?

AFAIK on Linux this is not possible.

--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
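An added example, not part of the original thread: a parser for rows of /proc/net/udp, showing why the /proc approach from the question yields a peer for a connect()ed UDP socket but only zeros for an "unconnected" one. It assumes IPv4 and a little-endian host; the sample rows are constructed, and the names `udp_entry`, `fmt_addr` and `parse_udp_line` are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample rows in /proc/net/udp layout (not captured from a real host). */
static const char SAMPLE_HEADER[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode";
static const char SAMPLE_CONNECTED[] =   /* socket that called connect() */
    "  41: 050200C0:9C40 0A0200C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 23456 2";
static const char SAMPLE_UNCONNECTED[] = /* socket that only uses sendto() */
    "  42: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 23457 2";

struct udp_entry {
    char local[32], remote[32]; /* "a.b.c.d:port" */
    unsigned long inode;        /* matches "socket:[inode]" in /proc/<pid>/fd */
    int connected;              /* 0 when the kernel records no peer */
};

/* Assumes a little-endian host, where the lowest byte of the hex word is the first octet. */
static void fmt_addr(char *out, size_t n, unsigned a, unsigned port)
{
    snprintf(out, n, "%u.%u.%u.%u:%u", a & 0xff, (a >> 8) & 0xff, (a >> 16) & 0xff, a >> 24, port);
}

/* Returns 0 on a socket row, -1 on the header or a malformed line. */
int parse_udp_line(const char *line, struct udp_entry *e)
{
    unsigned la, lp, ra, rp, st, txq, rxq, tr, uid, tmo;
    unsigned long when, retr, inode;
    if (sscanf(line, " %*d: %8x:%4x %8x:%4x %x %x:%x %x:%lx %lx %u %u %lu", &la, &lp, &ra, &rp,
               &st, &txq, &rxq, &tr, &when, &retr, &uid, &tmo, &inode) != 13)
        return -1;
    fmt_addr(e->local, sizeof e->local, la, lp);
    fmt_addr(e->remote, sizeof e->remote, ra, rp);
    e->inode = inode;
    e->connected = (ra != 0 || rp != 0); /* all-zero peer: nothing for /proc to report */
    return 0;
}

int main(void)
{
    const char *rows[] = { SAMPLE_HEADER, SAMPLE_CONNECTED, SAMPLE_UNCONNECTED };
    struct udp_entry e;
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++)
        if (parse_udp_line(rows[i], &e) == 0)
            printf("inode %lu %s -> %s\n", e.inode, e.local, e.connected ? e.remote : "(no peer recorded)");
    return 0;
}
```

For rows where `connected` is 0, the destination exists only in each sendto() call, which is why the question turns to sniffing and the reply to tracing the process.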