How can I passively trace communications through a unix named socket, in the same way that ethereal or tcpdump do it for TCP/UDP?

--
-.Francisco Acosta.-
chesco@idea.com.py
On Wed, Jul 16, 2003 at 09:42:06AM -0400, Francisco Acosta wrote:
> How can I passively trace communications through a unix named socket, in the same way that ethereal or tcpdump do it for TCP/UDP?

You cannot, really. What you can do is write a small application that moves the socket aside, creates a new one in its place, and acts as a monkey-in-the-middle for these sockets. It's an interesting thing to do for /tmp/.X11-unix/X0 if you want to snoop on an application :)

It's not quite the same however as tcpdump, because the client will see a broken connection when you exit your sniffer.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
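The move-aside relay described in the reply above, as an added example for tracing a stream socket you control while debugging; it is not code from the thread or its participants. The `.real` suffix and all function names are hypothetical choices, and only connections opened after the tap starts pass through it.

```python
import os, socket, threading

def pump(src, dst, tag, log):
    """Copy bytes src -> dst, recording every chunk with a direction tag."""
    try:
        while data := src.recv(4096):
            log.append((tag, data))
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)      # pass EOF on to the other side
    except OSError:
        pass

def relay(client, real_path, log):
    """One client connection: connect to the real server and copy both ways."""
    with client, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as up:
        up.connect(real_path)
        t = threading.Thread(target=pump, args=(client, up, "C>S", log), daemon=True)
        t.start()
        pump(up, client, "S>C", log)
        t.join()

def tap(path, log):
    """Move the socket at `path` aside and listen in its place.
    Returns a function that stops the tap and puts the original name back."""
    aside = path + ".real"                # hypothetical naming choice
    os.rename(path, aside)                # server keeps listening on the same inode
    lst = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    lst.bind(path)
    lst.listen(8)
    lst.settimeout(0.2)
    stop = threading.Event()
    def serve():
        while not stop.is_set():
            try:
                conn, _ = lst.accept()
            except OSError:               # timeout: re-check the stop flag
                continue
            threading.Thread(target=relay, args=(conn, aside, log), daemon=True).start()
    th = threading.Thread(target=serve, daemon=True)
    th.start()
    def restore():
        stop.set(); th.join(); lst.close()
        os.unlink(path)
        os.rename(aside, path)
    return restore
```

Because the relay is the peer the server actually accepts, `SO_PEERCRED` on the server side reports the relay's credentials, and ancillary data such as passed file descriptors is not forwarded. Connections still running through the relay break when the relay process exits, which is the broken connection mentioned in the reply.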
On Wed, 16 Jul 2003, Francisco Acosta wrote:

> How can I passively trace communications through a unix named socket, in the same way that ethereal or tcpdump do it for TCP/UDP?

Hi,

Interesting question, ethereal etc. won't work AFAIK. I wrote a patch for the kernel to sniff unix sockets but it was some 2.4.14 or so. A better idea would maybe be to intercept read() and write() via preload tricks.

Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@suse.de - SuSE Security Team
~
* Francisco Acosta wrote on Wed, Jul 16, 2003 at 09:42 -0400:
> How can I passively trace communications through a unix named socket, in the same way that ethereal or tcpdump do it for TCP/UDP?

There is some hacker tool that allows root to monitor file descriptors of a process. IIRC it e.g. allows to "sniff" (locally) a SSH session for instance. The technique used by this tool should work for the process that communicates via that FIFO. Unfortunately, I forgot the name of this tool.

oki,

Steffen

--
This message was generated by machine and therefore bears neither signature nor seal.
participants (4): Francisco Acosta, Olaf Kirch, Sebastian Krahmer, Steffen Dettmer