sshsniff - by the most psychoid
           based on ltrace
	  

sshsniff is a system call traffic logger. It logs all incoming
and outgoing traffic of a given pid and its children. This also
allows the sniffing of an ssh client and/or server of a possibly
compromised host. You can also use it for other processes which
use the SYS_read and SYS_write syscalls.

To compile, do:

./configure

then

make


After it has compiled, just do:

./sshsniff pid [a]

pid = pid of the program to trace

If the 2nd param is an 'a', then all fds will be
monitored. If not, then only stdout, stdin and stderr
get monitored.

Example:

./sshsniff 2389

would sniff stdout, stdin and stderr from the process with the pid
2389 and all its possibly forked and executed children.

./sshsniff 2389 a

would sniff all file descriptors of the given pid.
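
Detecting this kind of tracing (added example, not part of sshsniff or
its original README): because sshsniff is based on ltrace it attaches
with ptrace, and on Linux a ptrace-attached process shows a non-zero
TracerPid in /proc/<pid>/status. The sample status text, pids and
function names below are constructed for illustration; the same check
also flags strace, gdb and any other ptrace-based tracer.

```python
import os
import re

# Constructed sample of /proc/<pid>/status contents (not from a real host).
SAMPLE_STATUS = {
    2389: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t2389\nPPid:\t1\nTracerPid:\t4102\n",
    2390: "Name:\tbash\nState:\tS (sleeping)\nPid:\t2390\nPPid:\t2389\nTracerPid:\t0\n",
    4102: "Name:\tsshsniff\nState:\tS (sleeping)\nPid:\t4102\nPPid:\t4000\nTracerPid:\t0\n",
}

FIELD = re.compile(r"^(\w+):[ \t]*(.*)$", re.MULTILINE)


def parse_status(text):
    """Return the 'Key: value' fields of a /proc/<pid>/status file as a dict."""
    return {key: value.strip() for key, value in FIELD.findall(text)}


def find_traced(status_by_pid):
    """Return (pid, name, tracer_pid, tracer_name) for every traced process."""
    parsed = {pid: parse_status(text) for pid, text in status_by_pid.items()}
    hits = []
    for pid, fields in sorted(parsed.items()):
        tracer = int(fields.get("TracerPid", "0") or 0)
        if tracer:  # 0 means no tracer is attached
            tracer_name = parsed.get(tracer, {}).get("Name", "?")
            hits.append((pid, fields.get("Name", "?"), tracer, tracer_name))
    return hits


def read_live_proc(root="/proc"):
    """Collect status text for every numeric entry under /proc (Linux only)."""
    out = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                pass  # process exited in the meantime or access was denied
    return out


if __name__ == "__main__":
    # Use the live process table on Linux, the constructed sample elsewhere.
    source = read_live_proc() if os.path.isdir("/proc/self") else SAMPLE_STATUS
    for pid, name, tpid, tname in find_traced(source):
        print(f"pid {pid} ({name}) is traced by pid {tpid} ({tname})")
```

An unexpected tracer on sshd, ssh or a login shell is worth
investigating; the TracerPid field is only set while the tracer is
attached.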

