September 3, 1996

• Got tired of starting tcpdump by hand

• tacacs-action

  • Config file lists accounts and actions to take on login/logout.
  • Actions include "log" and "page"
  • "page" does what you'd expect
  • "log" invokes tcpdump on a sniffer on the correct subnet to capture their traffic on login (filtering for just their IP address), or stops tcpdump for that session on logout.

Previous slide

Next slide

Back to first slide

View graphic version

Was amused with hacker-on, hacker-off pages. They'd come home from school - login, login, login. Break for dinner - logout, logout, logout. After dinner - login, login, login. They decide to see a movie - logout, logout, logout. Playing quake at home