From mboxrd@z Thu Jan 1 00:00:00 1970 From: fmalita@gmail.com (Florin Malita) Date: Mon, 04 Apr 2011 11:43:37 -0400 Subject: Snooping on sockets/file descriptors In-Reply-To: References: Message-ID: <4D99E729.6080805@gmail.com> To: kernelnewbies@lists.kernelnewbies.org List-Id: kernelnewbies.lists.kernelnewbies.org On 03/31/11 15:29, Vimal wrote: > Is it possible for an application (say "snoop", with sufficient > privileges) to monitor data on any socket/file descriptor in the > system? "snoop" it is :) http://sourceforge.net/projects/snoop/ > Here's an example: suppose we have a browser and it creates a tcp > socket to connect to a URL. Whenever the browser issues a read() and > data is pushed to user space, I want "snoop" to get notified and made > available a copy of the same data that the browser read. For this particular scenario snoop may not be the best choice: while it can attach on-the-fly when opening local files (inotify trigger), socket FDs must be picked manually after they've been opened (/proc//fd/...) - so unless your connection is long-lived, this is going to be tricky. -- Florin