Monitor a local unix domain socket like tcpdump


I'd like to monitor responses on a unix socket without disturbing the original connections and pipe them to a script for processing.

I know how to do this with tcpdump for tcp connections but I cannot seem to find a solution for local unix sockets.

Is this even possible?

Best Answer

There's a guy who claims to do so by creating an app that acts as a gateway between two sockets and logs all data that flows. So you can't tap a socket, but if you can restart the service and tune it to use this guy's app, you will be able to see all traffic.

Here is the link to the post: Unix Socket Sniffer

There's another way that needs you to find the process id attached to the socket, then find with lsof the file descriptor of the socket and then tap the file descriptor using strace.

If you can stop whatever client/server is using the socket and reconfigure it, I would always recommend the first method; the second method is tricky and requires you to tap a current process, which on some apps could cause it to crash.

Hope someone enlightens us with another way :)

Good luck
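
The first method from the answer above (a gateway between two sockets that logs all data), sketched as an added example; it is not code from the answer or from the linked post. The function names, the socket paths given on the command line and the 0600 mode on the relay socket are assumptions; it handles `SOCK_STREAM` sockets only.

```python
import os, socket, sys, threading

def pump(src, dst, tag, sink):
    """Copy bytes from src to dst, handing each chunk to sink(tag, data) first."""
    try:
        while data := src.recv(65536):
            sink(tag, data)
            dst.sendall(data)
    except OSError:
        pass                                  # peer went away mid-transfer
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)      # pass the EOF on to the other side
        except OSError:
            pass

def handle(client, target_path, sink):
    """Relay one client connection to the real service socket."""
    with client, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as upstream:
        upstream.connect(target_path)
        back = threading.Thread(target=pump, args=(upstream, client, "<", sink),
                                daemon=True)  # "<" = service to client
        back.start()
        pump(client, upstream, ">", sink)     # ">" = client to service
        back.join()

def serve(listen_path, target_path, sink):
    """Listen on listen_path and relay every connection to target_path."""
    if os.path.exists(listen_path):
        os.unlink(listen_path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)                     # socket file created 0600 (assumption:
    try:                                      # the client runs as the same user)
        srv.bind(listen_path)
    finally:
        os.umask(old)
    srv.listen(16)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return                        # listener was closed
            threading.Thread(target=handle, args=(client, target_path, sink),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":                    # usage: relay.py LISTEN_PATH REAL_PATH
    out = sys.stdout.buffer
    serve(sys.argv[1], sys.argv[2],
          lambda tag, data: (out.write(f"{tag} {data.hex()}\n".encode()), out.flush()))
    threading.Event().wait()                  # run until interrupted
```

Each chunk is written as one line of direction plus hex, so the output can be piped straight into a processing script; the captured bytes may contain credentials, so treat the output like the traffic itself.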
