Watch Terminal Activity

General Information

Have you ever had a user login to your box and then ask you for help? Or have you ever been curious as to what your users are doing on your system? The watch(8) utility will let you snoop another tty, allowing you to see what your other users are doing and even interact with them. It’s a must-have utility for every network administrator.


  1. Local root access on the box or be able to su to root.
  2. A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren’t on the box).
  3. Your favorite text editor (I prefer nano)


For the 5.x branch, there is no installation needed. Everything required for watch is already installed.

For the 4.x branch, we have to compile a kernel with snp support. So, add the following to your kernel configuration:

# nano -w /usr/src/sys/i386/conf/MYKERNEL

***output omitted***
pseudo-device   snp     4
***output omitted***

This compiles the snp snooping utility and you can change the 4 to however many terminals you plan on watching at any given time. Now, compile and install your kernel.


You need to know which tty you wish to watch, so if you don’t know it you can find out.

# who
jon              ttyp0    Oct 19 12:10 (
steve            ttyp1    Oct 19 12:15 (

Let’s say we want to see what steve is up to. The syntax is:

Note: You must aquire root priveleges first as watch(8) can only be used as root.
# watch [options] tty

We can simply issue the following to see what he is doing:

# watch ttyp1

Now, if steve is requesting help, you can interactively watch his terminal with:

# watch -W ttyp1

Whatever he types, you see and whatever you type, he sees. It’s a beautiful thing. Now the next thing to know is what you can do once you are in watch.

     Exit watch.

     Clear screen.

     Change attached tty, unless this feature is disabled, in which case
     control-X is passed to the terminal as with other control characters.

That’s all there is to watching your other user’s activity.

Speak Your Mind