Guy Harris wrote:
> On Mon, Feb 25, 2002 at 02:51:56PM -0700, jim cromie wrote:
> > this is a long-shot
> > (it doesn't show up on capture interfaces list)
> > but..
> > is there any way to capture Unix sockets or FIFOs ?
>
> No. The reason why UNIX-domain sockets and FIFOs don't show up on
> capture interface lists is that there's no network interface involved,
> and libpcap can only capture on network interfaces.
>
> > if not, is it reasonable to write a small program to
> > open such for reading, and echo stuff to UDP packets ?
>
> You could perhaps do that - unfortunately, if your program reads from
> the UNIX-domain socket, it'll probably be the only program able to do
> so; if some other program is trying to read from the socket, they won't
> both be able to read the same message from the socket at the same time,
> as the first one to read it will get the message.
>
> Unless there's some provision in the kernel for the particular OS you're
> running for sniffing a UNIX-domain socket (i.e., passively reading from
> it, and seeing traffic in *both* directions, without affecting what the
> programs that are actively using the socket see), you probably won't be
> able to sniff the traffic even with such a program.

happily, I'm running Linux, so it is possible -

    RECV(2)            Linux Programmer's Manual            RECV(2)

    NAME
           recv, recvfrom, recvmsg - receive a message from a socket
    ...
           MSG_PEEK
                  This flag causes the receive operation to return
                  data from the beginning of the receive queue without
                  removing that data from the queue. Thus, a subsequent
                  receive call will return the same data.

actually, this sounds somewhat portable (but I don't have other Unix at
hand to verify)

is this a decent candidate for a plug-in ?
can plugins have a GUI to control their activity ?
if so, I'll do a little digging..

so anyway, presuming I can peek and echo to UDP, would it make sense to
send them to 127.0.0.2 ? they should still appear on lo, and be presumably
filterable on src 127.0.0.2 (or is it dest in this case?).

I'm groping to try to ensure that such packets don't interfere
with other stuff. High dest ports might be sufficient..

-jimc
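
Added example, not part of the original message: a C sketch of the peek-and-echo relay discussed above, showing that a datagram read with MSG_PEEK is still delivered to the next ordinary recv() while a copy goes out over UDP on loopback. The names peek_and_echo and demo are hypothetical, a socketpair() stands in for the real application socket, and the relay must itself hold the descriptor being peeked, because MSG_PEEK reads only that descriptor's own receive queue (one direction of the traffic).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Copy the next datagram queued on unix_fd to dst over UDP without consuming
 * it. MSG_PEEK only reads the receive queue of a descriptor we hold. */
static ssize_t peek_and_echo(int unix_fd, int udp_fd,
                             const struct sockaddr_in *dst, char *buf, size_t len)
{
    ssize_t n = recv(unix_fd, buf, len, MSG_PEEK);
    if (n < 0 || sendto(udp_fd, buf, (size_t)n, 0,
                        (const struct sockaddr *)dst, sizeof(*dst)) != n)
        return -1;
    return n;
}

/* Constructed demo: returns 0 when the UDP copy and the later ordinary
 * recv() on the UNIX-domain socket both deliver the same message. */
int demo(const char *dst_ip)
{
    const char msg[] = "constructed test message";
    const ssize_t want = (ssize_t)sizeof(msg);
    char peeked[64], copy[64], real[64];
    int sv[2], rc = -1;
    struct sockaddr_in dst = { .sin_family = AF_INET };  /* port 0: kernel picks a high port */
    socklen_t dlen = sizeof(dst);
    if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1) return -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    int rx = socket(AF_INET, SOCK_DGRAM, 0);  /* stands in for the capture side */
    int tx = socket(AF_INET, SOCK_DGRAM, 0);  /* relay's sending socket */
    if (rx >= 0 && tx >= 0 &&
        bind(rx, (struct sockaddr *)&dst, sizeof(dst)) == 0 &&
        getsockname(rx, (struct sockaddr *)&dst, &dlen) == 0 &&
        send(sv[0], msg, sizeof(msg), 0) == want &&
        peek_and_echo(sv[1], tx, &dst, peeked, sizeof(peeked)) == want &&
        recv(rx, copy, sizeof(copy), 0) == want &&     /* copy reached UDP */
        recv(sv[1], real, sizeof(real), 0) == want &&  /* original still queued */
        memcmp(copy, msg, sizeof(msg)) == 0 && memcmp(real, msg, sizeof(msg)) == 0)
        rc = 0;
    close(sv[0]); close(sv[1]);
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return rc;
}

int main(void) { return demo("127.0.0.2") == 0 ? 0 : 1; } /* address from the post; on lo under Linux */
```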