[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] unix named socket
On Wed, Jul 16, 2003 at 09:42:06AM -0400, Francisco Acosta wrote:
> How can I trace passively, communications through unix named socket, in
> the same way that ethereal or tcpdump do it for TCP/UDP?.
You cannot, really. What you can do is write a small apllication
that moves the socket aside, creates a new one in its place, and
acts as a monkey-in-the-middle for these sockets.
It's an interesting thing to do for /tmp/.X11-unix/X0 if you want to
snoop on an application :)
It's not quite the same however as tcpdump, because the client will
see a broken connection when you exit your sniffer.
Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@xxxxxxx | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here