On Wed, Jul 16, 2003 at 09:42:06AM -0400, Francisco Acosta wrote:
How can I trace passively, communications through unix named socket, in the same way that ethereal or tcpdump do it for TCP/UDP?.
You cannot, really. What you can do is write a small apllication that moves the socket aside, creates a new one in its place, and acts as a monkey-in-the-middle for these sockets. It's an interesting thing to do for /tmp/.X11-unix/X0 if you want to snoop on an application :) It's not quite the same however as tcpdump, because the client will see a broken connection when you exit your sniffer. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann