1 shellsnoop captures the text input and output from shells running on the
2 system. In the following example shellsnoop was run in one window, while
3 in another several commands were run: date, cal, uname -a, uptime and find.
4 shellsnoop has successfully captured the text that was displayed on the
13 4741 4724 date W Sun Mar 28 23:10:06 EST 2004
15 4724 3762 ksh W jupiter:/etc/init.d>
20 4742 4724 cal W March 2004
21 4742 4724 cal W S M Tu W Th F S
22 4742 4724 cal W 1 2 3 4 5 6
23 4742 4724 cal W 7 8 9 10 11 12 13
24 4742 4724 cal W 14 15 16 17 18 19 20
25 4742 4724 cal W 21 22 23 24 25 26 27
26 4742 4724 cal W 28 29 30 31
29 4724 3762 ksh W jupiter:/etc/init.d>
32 4724 3762 ksh W uname -a
34 4743 4724 uname W SunOS jupiter 5.10 s10_51 i86pc i386 i86pc
36 4724 3762 ksh W jupiter:/etc/init.d>
39 4724 3762 ksh W uptime
41 4744 4724 uptime W 11:10pm up 4 day(s), 11:15, 4 users, load average: 0.05, 0.02, 0.02
43 4724 3762 ksh W jupiter:/etc/init.d>
47 4724 3762 ksh W jupiter:/etc/init.d>
50 4724 3762 ksh W ls -l d*
52 4745 4724 ls W -rwxr--r-- 3 root sys 1292 Jan 14 16:24 devfsadm
53 4745 4724 ls W -rwxr--r-- 1 root sys 904 Jan 14 16:24 devlinks
54 4745 4724 ls W -rwxr--r-- 6 root sys 621 Jan 14 16:17 dhcp
55 4745 4724 ls W -rwxr--r-- 2 root sys 494 Jan 14 16:17 dhcpagent
56 4745 4724 ls W -rwxr--r-- 5 root sys 1050 Jan 16 2002 directory
57 4745 4724 ls W -rwxr--r-- 2 root sys 779 Jan 14 16:17 domainname
58 4745 4724 ls W -rwxr--r-- 1 root sys 469 Jan 14 16:24 drvconfig
59 4745 4724 ls W -r-xr-xr-x 4 root other 2804 Mar 27 13:37 dtlogin
61 4724 3762 ksh W jupiter:/etc/init.d>
64 4724 3762 ksh W find /etc/default
66 4746 4724 find W /etc/default
67 4746 4724 find W /etc/default/cron
68 4746 4724 find W /etc/default/devfsadm
69 4746 4724 find W /etc/default/dhcpagent
70 4746 4724 find W /etc/default/fs
71 4746 4724 find W /etc/default/inetd
72 4746 4724 find W /etc/default/inetinit
73 4746 4724 find W /etc/default/kbd
74 4746 4724 find W /etc/default/keyserv
75 4746 4724 find W /etc/default/ipsec
76 4746 4724 find W /etc/default/nss
77 4746 4724 find W /etc/default/passwd
78 4746 4724 find W /etc/default/syslogd
79 4746 4724 find W /etc/default/tar
80 4746 4724 find W /etc/default/utmpd
81 4746 4724 find W /etc/default/init
82 4746 4724 find W /etc/default/login
83 4746 4724 find W /etc/default/su
84 4746 4724 find W /etc/default/power
85 4746 4724 find W /etc/default/sys-suspend
86 4746 4724 find W /etc/default/rpc.nisd
87 4746 4724 find W /etc/default/nfs
92 shellsnoop has a "-q" option for running in "quiet" mode - the previous
93 columns are not printed, so only shell output is seen,
97 Wed Nov 30 16:19:48 EST 2005
110 The output appears somewhat boring, this is something you need to see