<HTML>
  <HEAD>
   <TITLE>The KSnuffle Manual: Installation</TITLE>
  </HEAD>
  <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000">
    <FONT FACE="Helvetica">
    <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A>
    <HR WIDTH="100%" SIZE=2 ALIGN="CENTER" NOSHADE>
    <DIV ALIGN=right>
      <A HREF="index-3.html">Next</A><A HREF="index-1.html">Previous</A><A HREF="index.html#toc2">Table of Contents</A>
    </DIV>
    <BR>&nbsp;
    <H3>
      <A NAME="s2"></A>2. Installation
    </H3>
    <H3>
      <A NAME="ss2.1"></A>2.1 How to obtain KSnuffle
    </H3>
    KSnuffle is available via the
    <A HREF="http://www.quaking.demon.co.uk/ksnuffle.html">KSnuffle
    home page</A>. It is available as source; binary and source RPMs may be
    forthcoming for RedHat. It may also be available from the KDE 
    server or one of the mirrors.
    <H3>
      <A NAME="ss2.2"></A>2.2 Requirements
    </H3>
    KSnuffle-2.2 has been built with:
    <UL>
      <LI>RedHat Linux 6.2</LI>
      <LI>KDE 2 (KDE2.0.1 and KDE1.1 CVS)</LI>
      <LI>Qt 2.2.2 and Qt-copy</LI>
      <LI>egcs-1.1.2 (2.91.66)</LI>
    </UL>
    <P>
      Ksnuffle it may or may not build or run properly with other versions.
      As noted in the <A HREF="index-6.html">caveats section</A>, it relies
      on <I>libpcap-0.4</I> and glib2 (aka libc6). Also, ksnuffle operates
      outside the defined <I>libpcap</I> API; I am only able to test this for
      Linux.
    </P>
    <H3>
      <A NAME="ss2.3"></A>2.3 Compilation and installation
    </H3>
    For the source version, on a system as described above, just type
    <PRE>
% ./configure
% make
% make install
    </PRE>
    (the latter as root).
    <P>
    For the RPM version (if it exists!) (it doesn't)
    <PRE>
% rpm -ihv ksnuffle-2.0.rpm
    </PRE>
    <H3>
      <A NAME="setuid"></A><A NAME="ss2.4"></A>2.4 Setuid-root installation
    </H3>
    <P>
      If KSnuffle is installed as a setuid-root program,
      then, when run by root, it can be configured to allow other non-root users
      to monitor the network. If it not installed setuid-root, then only root
      can use it to directly sniff interfaces on the local machine. Non-root users
      will be limited to replaying log files, and to accessing remote sniffers.
    </P>
    <P>
      If this facility is required, use the command <I>chmod ug+s ksnuffle</I>
      on the installed program (if the KSnuffle executable is not owned by root,
      then <I>chown root.root ksnuffle</I> will be needed first).
      Alternatively, run KSnuffle as root and use
      the control on the <A HREF="index-4.11.html">User Setup</A> page.
    </P>
    <P>
      Again, I can only verify this function on Linux.
    </P>
    </P>
      Before installing setuid-root,
      please see the section in <A HREF="index-7.html#sec7.2">caveats</A> for
      further information and warnings.
    <P>
    <H3>
      <A NAME="ss2.5"></A>2.5 Installing a remote sniffer
    </H3>
    <P>
      Ksnuffle can be used to sniff interfaces on remote
      machines via a remote sniffer process. To install this:
    </P>
    <UL>
      <LI>
        Copy <I>rsnuffle</I> from the KDE binaries directory to a suitable
	place (eg., <I>/usr/sbin</I>) on the remote machine
      </LI>
      <LI>
	Add an entry into file <I>/etc/services</I> on the remote machine like
	<I>rsnuffle 900/tcp</I>
      </LI>
      <LI>
	Add en entry into the file <I>/etc/inetd.conf</I> on the remote
	machine like <I>rsnuffle stream tcp nowait root /usr/sbin/rsnuffle rsnuffle
	</I>
      </LI>
      <LI>
	Create a password file for <I>rsnuffle</I> <I>/etc/rsnuffle.conf</I>.
	Each line should have the form <I>ipaddr:password</I> or
	<I>ipaddr/mask:password</I>, where <I>ipaddr</I> is an IP address,
	<I>mask</I> represents a network mask (eg., 24 represents
	255.255.255.0) and <I>password</I> is a password.
      </LI>
      <LI>
        <I>/etc/rsnuffle.conf</I> should be owned by root, and must not be
	readable or writable other than root (ie., set permissions
	<I>-rw-------</I>)
      </LI>
    </UL>
    <P>
      A connection to <I>rsnuffle</I> is authenticated against the first
      entry in <I>/etc/rsnuffle.conf</I> which matches the caller's IP address. 
    </P>
    <P>
      Note that rsnuffle can also be used to sniff local network interfaces
      where you do not with to make ksnuffle
      <A HREF="index-7.html#sec7.2">setuid-root nor to run as root</A>.
    </P>
    <P>
      <A HREF="index-3.html">Next</A>
      <A HREF="index-1.html">Previous</A>
      <A HREF="index.html#toc2">Table of Contents</A>
    </P>
    <CENTER>
      <HR WIDTH="100%" SIZE=3 ALIGN=CENTER NOSHADE>
    </CENTER>
  </BODY>
</HTML>