[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] unix named socket



On Wed, Jul 16, 2003 at 09:42:06AM -0400, Francisco Acosta wrote:
> How can I trace passively, communications through unix named socket, in 
> the same way that ethereal or tcpdump do it for TCP/UDP?.

You cannot, really. What you can do is write a small apllication
that moves the socket aside, creates a new one in its place, and
acts as a monkey-in-the-middle for these sockets.

It's an interesting thing to do for /tmp/.X11-unix/X0 if you want to
snoop on an application :)

It's not quite the same however as tcpdump, because the client will
see a broken connection when you exit your sniffer.

Olaf
-- 
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@xxxxxxx   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here