shellsnoop has the following options, # ./shellsnoop -h USAGE: shellsnoop [-hqsv] [-p PID] [-u UID] shellsnoop # default output -q # quiet, only print data -s # include start time, us -v # include start time, string -p PID # process ID to snoop -u UID # user ID to snoop shellsnoop captures the text input and output from shells running on the system. In the following example shellsnoop was run in one window, while in another several commands were run: date, cal, uname -a, uptime and find. shellsnoop has successfully captured the text that was displayed on the other window. # ./shellsnoop PID PPID CMD DIR TEXT 4724 3762 ksh R 4724 3762 ksh W date 4741 4724 date W Sun Mar 28 23:10:06 EST 2004 4724 3762 ksh R 4724 3762 ksh W jupiter:/etc/init.d> 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh W cal 4742 4724 cal W March 2004 4742 4724 cal W S M Tu W Th F S 4742 4724 cal W 1 2 3 4 5 6 4742 4724 cal W 7 8 9 10 11 12 13 4742 4724 cal W 14 15 16 17 18 19 20 4742 4724 cal W 21 22 23 24 25 26 27 4742 4724 cal W 28 29 30 31 4742 4724 cal W 4724 3762 ksh R 4724 3762 ksh W jupiter:/etc/init.d> 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh W uname -a 4743 4724 uname W SunOS jupiter 5.10 s10_51 i86pc i386 i86pc 4724 3762 ksh R 4724 3762 ksh W jupiter:/etc/init.d> 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh W uptime 4744 4724 uptime W 11:10pm up 4 day(s), 11:15, 4 users, load average: 0.05, 0.02, 0.02 4724 3762 ksh R 4724 3762 ksh W jupiter:/etc/init.d> 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh W jupiter:/etc/init.d> 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh W ls -l d* 4745 4724 ls W -rwxr--r-- 3 root sys 1292 Jan 14 16:24 devfsadm 4745 4724 ls W -rwxr--r-- 1 root sys 904 Jan 14 16:24 devlinks 4745 4724 ls W -rwxr--r-- 6 root sys 621 Jan 14 16:17 dhcp 4745 4724 ls W -rwxr--r-- 2 root sys 494 Jan 14 16:17 dhcpagent 4745 4724 ls W -rwxr--r-- 5 root sys 1050 Jan 16 2002 directory 4745 4724 ls W -rwxr--r-- 2 root sys 779 Jan 14 16:17 domainname 4745 4724 ls W -rwxr--r-- 1 root sys 469 Jan 14 16:24 drvconfig 4745 4724 ls W -r-xr-xr-x 4 root other 2804 Mar 27 13:37 dtlogin 4724 3762 ksh R 4724 3762 ksh W jupiter:/etc/init.d> 4724 3762 ksh R 4724 3762 ksh R 4724 3762 ksh W find /etc/default 4746 4724 find W /etc/default 4746 4724 find W /etc/default/cron 4746 4724 find W /etc/default/devfsadm 4746 4724 find W /etc/default/dhcpagent 4746 4724 find W /etc/default/fs 4746 4724 find W /etc/default/inetd 4746 4724 find W /etc/default/inetinit 4746 4724 find W /etc/default/kbd 4746 4724 find W /etc/default/keyserv 4746 4724 find W /etc/default/ipsec 4746 4724 find W /etc/default/nss 4746 4724 find W /etc/default/passwd 4746 4724 find W /etc/default/syslogd 4746 4724 find W /etc/default/tar 4746 4724 find W /etc/default/utmpd 4746 4724 find W /etc/default/init 4746 4724 find W /etc/default/login 4746 4724 find W /etc/default/su 4746 4724 find W /etc/default/power 4746 4724 find W /etc/default/sys-suspend 4746 4724 find W /etc/default/rpc.nisd 4746 4724 find W /etc/default/nfs [...]