FreeBSD Manual Pages

shellsnoop(1m)                                                  shellsnoop(1m)

NAME
       shellsnoop - snoop live shell activity. Uses DTrace.

SYNOPSIS
       shellsnoop [-hqsv] [-p PID] [-u UID]

DESCRIPTION
       A  program  to print read/write details from shells, such as keystrokes
       and command outputs.

       This program sounds somewhat dangerous (snooping keystrokes), but is no
       more so than /usr/bin/truss, and both need root or dtrace privileges to
       run. In fact, it is less dangerous, as we only print visible text (not
       password text, for example). Having said that, it goes without saying
       that this program shouldn't be used for breaching the privacy of other
       users.

       This was written as a tool to demonstrate the capabilities of DTrace.

       Since this uses DTrace, only the root user or users with the
       dtrace_kernel privilege can run this command.
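
       Because the dtrace_kernel privilege decides who can snoop other users' shells, the following added example (not part of the original manual page or the DTraceToolkit) lists accounts that hold it by default. It assumes the Solaris user_attr(4) entry format; the function names and sample accounts are constructed for illustration, and privileges granted through rights profiles or roles are not covered.

```shell
#!/bin/sh
# Added example: audit which accounts get dtrace_kernel in their default
# privilege set, i.e. who besides root could run shellsnoop.
# Assumed entry format (user_attr(4)): user:qualifier:res1:res2:key=val;key=val

# Constructed sample data, not taken from a real system.
sample_user_attr() {
    cat <<'EOF'
# user_attr sample (constructed)
root::::auths=solaris.*;profiles=All;type=normal
alice::::type=normal;defaultpriv=basic,dtrace_proc,dtrace_user,dtrace_kernel
bob::::defaultpriv=basic,dtrace_user;type=normal
carol::::defaultpriv=all,!dtrace_kernel
dave::::defaultpriv=all
EOF
}

# Reads user_attr-format entries from the named file(s), or stdin if none,
# and prints each user whose defaultpriv includes dtrace_kernel (or "all")
# without an explicit "!dtrace_kernel" / "-dtrace_kernel" removal.
dtrace_capable_users() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        NF >= 5 {
            attrs = $5                         # rejoin in case a value held ":"
            for (i = 6; i <= NF; i++) attrs = attrs ":" $i
            n = split(attrs, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^defaultpriv=/) continue
                sub(/^defaultpriv=/, "", kv[i])
                granted = 0; denied = 0
                m = split(kv[i], p, ",")
                for (j = 1; j <= m; j++) {
                    if (p[j] == "dtrace_kernel" || p[j] == "all") granted = 1
                    if (p[j] == "!dtrace_kernel" || p[j] == "-dtrace_kernel") denied = 1
                }
                if (granted && !denied) print $1
            }
        }
    ' "$@"
}

# Demo on the constructed sample; on a Solaris host pass /etc/user_attr instead.
sample_user_attr | dtrace_capable_users
```

       The root entry is not listed because it carries no defaultpriv attribute; root can always run DTrace, so treat it as implicitly included.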

OS
       Solaris

STABILITY
       stable - this script uses the syscall provider.

OPTIONS
       -q     quiet, only print data

       -s     include start time, us

       -v     include start time, string

       -p PID PID to snoop

       -u UID user ID to snoop

EXAMPLES
       Default output,
              # shellsnoop

       human readable timestamps,
              # shellsnoop -v

       watch this PID only,
              # shellsnoop -p 1892

       watch this PID data only,
              # shellsnoop -qp 1892

FIELDS
       UID    user ID

       PID    process ID

       PPID   parent process ID

       COMM   command name

       DIR    direction (R read, W write)

       TEXT   text contained in the read/write

       TIME   timestamp for the command, us

       STRTIME
              timestamp for the command, string

DOCUMENTATION
       See the DTraceToolkit for further documentation under the Docs
       directory. The DTraceToolkit docs may include full worked examples
       with verbose descriptions explaining the output.

EXIT
       shellsnoop will run forever until Ctrl-C is hit.

AUTHOR
       Brendan Gregg [Sydney, Australia]

SEE ALSO
       dtrace(1M)

USER COMMANDS                $Date:: 2007-08-05 #$              shellsnoop(1m)
