Snooping on sockets/file descriptors

All of lore.kernel.org
 help / color / mirror / Atom feed

From: fmalita@gmail.com (Florin Malita)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Snooping on sockets/file descriptors
Date: Mon, 04 Apr 2011 11:43:37 -0400	[thread overview]
Message-ID: <4D99E729.6080805@gmail.com> (raw)
In-Reply-To: <AANLkTinOmefDi3qSN6-yrAa+ewD4=n8Qe3xaE4BCJFzQ@mail.gmail.com>

On 03/31/11 15:29, Vimal wrote:
> Is it possible for an application (say "snoop", with sufficient
> privileges) to monitor data on any socket/file descriptor in the
> system?
"snoop" it is :)

http://sourceforge.net/projects/snoop/


> Here's an example:  suppose we have a browser and it creates a tcp
> socket to connect to a URL.  Whenever the browser issues a read() and
> data is pushed to user space, I want "snoop" to get notified and made
> available a copy of the same data that the browser read.

For this particular scenario snoop may not be the best choice: while it 
can attach on-the-fly when opening local files (inotify trigger), socket 
FDs must be picked manually after they've been opened 
(/proc/<pid>/fd/...) - so unless your connection is long-lived, this is 
going to be tricky.

--
Florin

     prev parent reply	other threads:[~2011-04-04 15:43 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <AANLkTimuc_tuZ9kVJU6q6CXDzE737vZYvfrKekN+SzcM@mail.gmail.com>
2011-03-31 19:29 ` Snooping on sockets/file descriptors Vimal
2011-03-31 19:58   ` Daniel Baluta
2011-03-31 20:04     ` Vimal
2011-04-01  0:19       ` Mulyadi Santosa
2011-04-01  7:23         ` Vimal
2011-04-01 13:34           ` Javier Martinez Canillas
2011-04-01 15:28             ` Vimal
2011-04-04 15:43   ` Florin Malita [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D99E729.6080805@gmail.com \
    --to=fmalita@gmail.com \
    --cc=kernelnewbies@lists.kernelnewbies.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.