shellsnoop_example.txt revision 1.1.1.1 (annotation: 1.1 christos)

shellsnoop captures the text input and output from shells running on the
system. In the following example shellsnoop was run in one window, while
in another several commands were run: date, cal, uname -a, uptime and find.
shellsnoop has successfully captured the text that was displayed on the
other window.

# shellsnoop
  PID  PPID      CMD DIR  TEXT
 4724  3762      ksh   R
 4724  3762      ksh   W  date

 4741  4724     date   W  Sun Mar 28 23:10:06 EST 2004
 4724  3762      ksh   R
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   W  cal

 4742  4724      cal   W     March 2004
 4742  4724      cal   W   S  M Tu  W Th  F  S
 4742  4724      cal   W      1  2  3  4  5  6
 4742  4724      cal   W   7  8  9 10 11 12 13
 4742  4724      cal   W  14 15 16 17 18 19 20
 4742  4724      cal   W  21 22 23 24 25 26 27
 4742  4724      cal   W  28 29 30 31
 4742  4724      cal   W
 4724  3762      ksh   R
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   W  uname -a

 4743  4724    uname   W  SunOS jupiter 5.10 s10_51 i86pc i386 i86pc
 4724  3762      ksh   R
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   W  uptime

 4744  4724   uptime   W  11:10pm up 4 day(s), 11:15, 4 users, load average: 0.05, 0.02, 0.02
 4724  3762      ksh   R
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   W  ls -l d*

 4745  4724       ls   W  -rwxr--r-- 3 root sys 1292 Jan 14 16:24 devfsadm
 4745  4724       ls   W  -rwxr--r-- 1 root sys 904 Jan 14 16:24 devlinks
 4745  4724       ls   W  -rwxr--r-- 6 root sys 621 Jan 14 16:17 dhcp
 4745  4724       ls   W  -rwxr--r-- 2 root sys 494 Jan 14 16:17 dhcpagent
 4745  4724       ls   W  -rwxr--r-- 5 root sys 1050 Jan 16 2002 directory
 4745  4724       ls   W  -rwxr--r-- 2 root sys 779 Jan 14 16:17 domainname
 4745  4724       ls   W  -rwxr--r-- 1 root sys 469 Jan 14 16:24 drvconfig
 4745  4724       ls   W  -r-xr-xr-x 4 root other 2804 Mar 27 13:37 dtlogin
 4724  3762      ksh   R
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   R
 4724  3762      ksh   W  find /etc/default

 4746  4724     find   W  /etc/default
 4746  4724     find   W  /etc/default/cron
 4746  4724     find   W  /etc/default/devfsadm
 4746  4724     find   W  /etc/default/dhcpagent
 4746  4724     find   W  /etc/default/fs
 4746  4724     find   W  /etc/default/inetd
 4746  4724     find   W  /etc/default/inetinit
 4746  4724     find   W  /etc/default/kbd
 4746  4724     find   W  /etc/default/keyserv
 4746  4724     find   W  /etc/default/ipsec
 4746  4724     find   W  /etc/default/nss
 4746  4724     find   W  /etc/default/passwd
 4746  4724     find   W  /etc/default/syslogd
 4746  4724     find   W  /etc/default/tar
 4746  4724     find   W  /etc/default/utmpd
 4746  4724     find   W  /etc/default/init
 4746  4724     find   W  /etc/default/login
 4746  4724     find   W  /etc/default/su
 4746  4724     find   W  /etc/default/power
 4746  4724     find   W  /etc/default/sys-suspend
 4746  4724     find   W  /etc/default/rpc.nisd
 4746  4724     find   W  /etc/default/nfs
[...]

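When reviewing a capture like the one above, it helps to attribute each block of output to the command that produced it. The following is an added example, not part of shellsnoop or the original file: it parses the PID/PPID/CMD/DIR/TEXT rows and pairs each child process's written lines with the last text its parent shell wrote. The names parse_row, command_runs and SHELLS are hypothetical, the shell-name set is an assumption, and the sample rows are constructed from the listing.

```python
# Added example: rebuild "command typed -> output" pairs from shellsnoop rows.
SHELLS = {"sh", "ksh", "csh", "tcsh", "zsh", "bash"}  # assumption: names treated as shells

# Constructed sample in the PID PPID CMD DIR TEXT layout of the listing above.
SAMPLE = """\
  PID  PPID      CMD DIR  TEXT
 4724  3762      ksh   R
 4724  3762      ksh   W  date

 4741  4724     date   W  Sun Mar 28 23:10:06 EST 2004
 4724  3762      ksh   W  jupiter:/etc/init.d>
 4724  3762      ksh   R
 4724  3762      ksh   W  uname -a

 4743  4724    uname   W  SunOS jupiter 5.10 s10_51 i86pc i386 i86pc
 4724  3762      ksh   W  jupiter:/etc/init.d>
"""

def parse_row(line):
    """Return (pid, ppid, cmd, direction, text), or None for headers and blank lines."""
    parts = line.split(None, 4)
    if len(parts) < 4 or not (parts[0].isdigit() and parts[1].isdigit()):
        return None
    if parts[3] not in ("R", "W"):
        return None
    text = parts[4].rstrip() if len(parts) == 5 else ""
    return int(parts[0]), int(parts[1]), parts[2], parts[3], text

def command_runs(output):
    """Attach each child's written lines to the last text its parent shell wrote."""
    last_shell_write = {}   # shell PID -> most recent non-empty W text (prompt or echoed command)
    runs = {}               # child PID -> record; dicts keep insertion order
    for line in output.splitlines():
        row = parse_row(line)
        if row is None or row[3] != "W" or not row[4]:
            continue
        pid, ppid, cmd, _, text = row
        if cmd in SHELLS:
            last_shell_write[pid] = text
        else:
            run = runs.setdefault(pid, {"shell": ppid, "cmd": cmd,
                                        "typed": last_shell_write.get(ppid), "output": []})
            run["output"].append(text)
    return runs

if __name__ == "__main__":
    for pid, run in command_runs(SAMPLE).items():
        print(pid, repr(run["typed"]), run["output"])
```

The pairing is a heuristic: it relies on the shell echoing the whole command line in one write before the child starts, as in the listing, and it does not follow children that are themselves shells.
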
shellsnoop has a "-q" option for running in "quiet" mode. The columns shown
above are not printed, so only shell output is seen:

# shellsnoop -q
# date
Wed Nov 30 16:19:48 EST 2005
#
# cal
   November 2005
 S  M Tu  W Th  F  S
       1  2  3  4  5
 6  7  8  9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30

#

The output appears somewhat boring; this is something you need to see
in real time.