[plug] Monitoring the Unix domain network

Bernard Blackham bernard at blackham.com.au
Fri Jun 3 15:36:32 WST 2005


On Fri, Jun 03, 2005 at 01:37:31PM +0800, Cameron Patrick wrote:
> > You might be able to dump the traffic into a file using a small program
> > that uses ptrace (?); maybe even write out a libpcap format file (you
> > might have to add "dummy" TCP/UDP headers, ethernet headers, etc) so it
> > can be examined with ethereal. That'd probably be quite a bit of work,
> > though and I don't know if it'd even work.
> 
> It should be pretty trivial, actually, if you don't care about
> portability beyond Linux systems.  First look in /proc/$pid/fd for
> which file descriptors are Unix sockets.
[...]
> I'll stop now before Bernard goes out and actually implements any of
> this :-P

Here's one I prepared a long time ago. Script attached. Use like:

strace -p <pid> -e read,write -xxs 1000000 2>&1 | grep --line-b '^[^(]\+(3, ' | ./hack-strace-xx-parser.py

where you replace 3 with the FD that you're interested in, and <pid>
with the pid you're interested in.  It's hacky, but it's worked
quite well for me in the past.

Bernard.

-- 
 Bernard Blackham <bernard at blackham dot com dot au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hack-strace-xx-parser.py
Type: text/x-python
Size: 336 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20050603/df59efb4/attachment.py>
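Bernard's attachment was scrubbed from the archive, so here is an added example (not his script, and not code from this thread) that does what the two messages above describe: parse the `read(FD, "\x..", N) = N` lines that `strace -xx` emits, split them into bytes the process read and bytes it wrote, and, following Cameron's suggestion, wrap each call in dummy IPv4/TCP headers inside a libpcap file so the stream can be followed in Ethereal/Wireshark. The addresses 127.0.0.1/127.0.0.2, the port numbers, the zero checksums and the sample strace lines are all constructed assumptions, not values from the original post.

```python
"""Reconstruct the byte stream on one fd from `strace -xx` output (added example)."""
import re
import struct
import sys
import time

# Shape of a line from:  strace -p PID -e read,write -xx -s 1000000
#   read(3, "\x48\x45\x4c\x4c\x4f", 1024) = 5
# An optional "[pid N] " prefix appears when strace follows several threads.
STRACE_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?'
    r'(?P<call>read|write)\((?P<fd>\d+), '
    r'"(?P<hex>(?:\\x[0-9a-fA-F]{2})*)"(?P<trunc>\.\.\.)?, \d+\)'
    r'\s*=\s*(?P<ret>-?\d+)'
)

LINKTYPE_RAW = 101   # libpcap link type for bare IPv4/IPv6 packets (no Ethernet header)

def decode_xx(hex_text):
    """Turn the \\xNN escapes that `strace -xx` prints back into bytes."""
    return bytes(int(h, 16) for h in re.findall(r'\\x([0-9a-fA-F]{2})', hex_text))

def parse_line(line):
    """Return (call, fd, payload, truncated) for one read/write line, else None.
    Calls strace split across threads ('<unfinished ...>' / '<... resumed>') and
    failed calls (negative return) are skipped rather than guessed at."""
    m = STRACE_RE.match(line)
    if not m or int(m.group('ret')) < 0:
        return None
    return m.group('call'), int(m.group('fd')), decode_xx(m.group('hex')), bool(m.group('trunc'))

def reconstruct(lines, fd):
    """Split traffic on `fd` into (bytes the process read, bytes the process wrote)."""
    inbound, outbound = bytearray(), bytearray()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != fd:
            continue
        call, _, payload, _ = parsed
        (inbound if call == 'read' else outbound).extend(payload)
    return bytes(inbound), bytes(outbound)

def _fake_tcp_packet(src, dst, sport, dport, seq, ack, payload):
    """Minimal IPv4 + TCP (PSH|ACK) framing. Checksums are deliberately left 0:
    Wireshark flags them but still reassembles the stream."""
    tcp = struct.pack('!HHIIBBHHH', sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, total, 0, 0, 64, 6, 0, src, dst)
    return ip + tcp + payload

def to_pcap(lines, fd):
    """Emit a libpcap file in which every read/write on `fd` is one TCP segment.
    Direction is encoded in the (constructed) addresses: the traced process is
    127.0.0.1:40000, its Unix-socket peer is 127.0.0.2:(1000 + fd)."""
    proc, peer = bytes([127, 0, 0, 1]), bytes([127, 0, 0, 2])
    proc_port, peer_port = 40000, 1000 + fd
    seq = {'proc': 1, 'peer': 1}                 # per-direction sequence counters
    out = bytearray(struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_RAW))
    base = time.time()
    for n, line in enumerate(lines):
        parsed = parse_line(line)
        if parsed is None or parsed[1] != fd or not parsed[2]:
            continue
        call, _, payload, _ = parsed
        if call == 'write':                       # process -> peer
            pkt = _fake_tcp_packet(proc, peer, proc_port, peer_port, seq['proc'], seq['peer'], payload)
            seq['proc'] += len(payload)
        else:                                     # peer -> process
            pkt = _fake_tcp_packet(peer, proc, peer_port, proc_port, seq['peer'], seq['proc'], payload)
            seq['peer'] += len(payload)
        ts = base + n * 1e-3                      # synthetic 1 ms spacing keeps ordering
        out += struct.pack('<IIII', int(ts), int((ts % 1) * 1e6), len(pkt), len(pkt))
        out += pkt
    return bytes(out)

# Constructed sample of strace -xx output; fd 3 is the socket of interest.
SAMPLE_LINES = [
    'write(3, "\\x48\\x45\\x4c\\x4c\\x4f", 5) = 5',                # HELLO
    'read(3, "\\x4f\\x4b\\x0a", 1024) = 3',                        # OK\n
    'read(4, "\\x58", 1) = 1',                                       # other fd, ignored
    'read(3, <unfinished ...>',                                      # split call, skipped
    'write(3, "\\x42\\x59\\x45", 3) = -1 EPIPE (Broken pipe)',      # failed, skipped
]

if __name__ == '__main__':
    # strace -p <pid> -e read,write -xx -s 1000000 2>&1 | python3 this.py 3 > unix.pcap
    sys.stdout.buffer.write(to_pcap(sys.stdin, int(sys.argv[1])))
```

Because the regex anchors on the syscall name and fd, the `grep` stage in Bernard's pipeline is no longer needed; feeding the raw strace output straight in and passing the fd as the argument gives the same selection. Anything strace abbreviates with `...` (string longer than `-s`) is flagged by the `truncated` field so a gap in the reconstructed stream is visible rather than silent.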
