Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] unix named socket
  • From: Olaf Kirch <okir@xxxxxxx>
  • Date: Wed, 16 Jul 2003 15:45:37 +0200
  • Message-id: <20030716134537.GD11009@xxxxxxx>
On Wed, Jul 16, 2003 at 09:42:06AM -0400, Francisco Acosta wrote:
> How can I trace passively, communications through unix named socket, in
> the same way that ethereal or tcpdump do it for TCP/UDP?

You cannot, really. What you can do is write a small application
that moves the socket aside, creates a new one in its place, and
acts as a monkey-in-the-middle for these sockets.

It's an interesting thing to do for /tmp/.X11-unix/X0 if you want to
snoop on an application :)

It's not quite the same however as tcpdump, because the client will
see a broken connection when you exit your sniffer.

Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@xxxxxxx | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
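
An added example, not part of the message above: the interposer described in the reply depends on being able to rename the socket inside its directory and on clients accepting whoever listens at the path, so a client can check both. It assumes Linux (`SO_PEERCRED`); the function names and the temporary socket path are hypothetical.

```python
import os, socket, stat, struct, tempfile

def dir_allows_replacement(path):
    """True if non-owners could rename (move aside) entries in the socket's directory."""
    mode = os.stat(os.path.dirname(path) or ".").st_mode
    shared_write = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
    # With the sticky bit set, only the entry's owner, the directory owner or root may rename.
    return shared_write and not (mode & stat.S_ISVTX)

def peer_credentials(sock):
    """Return (pid, uid, gid) of the process at the other end (Linux SO_PEERCRED)."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def connect_checked(path, expected_uid):
    """Connect, then refuse to talk unless the listener runs as expected_uid."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    pid, uid, _gid = peer_credentials(s)  # credentials captured when the server called listen()
    if uid != expected_uid:
        s.close()
        raise PermissionError(f"listener on {path} runs as uid {uid}, expected {expected_uid}")
    return s, pid

def demo():
    """Constructed setup: a listener in a private temp directory, checked by a client."""
    d = tempfile.mkdtemp()  # mode 0700, so nobody else can rename the socket
    path = os.path.join(d, "svc.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    try:
        s, pid = connect_checked(path, os.getuid())
        s.close()
        return pid == os.getpid(), dir_allows_replacement(path)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(d)

if __name__ == "__main__":
    print(demo())
```

A process running under the same uid as the expected server passes both checks, so this only separates users from each other, not processes of one user.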
