Re: Snooping on sockets/file descriptors

2011-04-04 Thread Florin Malita
On 03/31/11 15:29, Vimal wrote: Is it possible for an application (say snoop, with sufficient privileges) to monitor data on any socket/file descriptor in the system? snoop it is :) http://sourceforge.net/projects/snoop/ Here's an example: suppose we have a browser and it creates a tcp

Re: Snooping on sockets/file descriptors

2011-04-01 Thread Vimal
then, something like dtrace or systemtap? IMO you're looking for kinda combo of kernel mode + user land sniffer... the user land sniffer, in its very simple form, is by using LD_PRELOAD ... dtrace seems fine and is similar to ptrace. But then, one would have to enumerate all possible

Re: Snooping on sockets/file descriptors

2011-04-01 Thread Vimal
Hi Javier, If you want to do it in the kernel, you can write a loadable kernel module to register netfilter hooks and obtain the socket buffers (sk_buff). Thanks. If you see my earlier posts, I didn't want netfilter/pcap because they give me access to packets. I would like access to the

Snooping on sockets/file descriptors

2011-03-31 Thread Vimal
Hi, Is it possible for an application (say snoop, with sufficient privileges) to monitor data on any socket/file descriptor in the system? Here's an example:  suppose we have a browser and it creates a tcp socket to connect to a URL.  Whenever the browser issues a read() and data is pushed to

Re: Snooping on sockets/file descriptors

2011-03-31 Thread Daniel Baluta
On Thu, Mar 31, 2011 at 10:29 PM, Vimal j.vi...@gmail.com wrote: Hi, Is it possible for an application (say snoop, with sufficient privileges) to monitor data on any socket/file descriptor in the system? Here's an example:  suppose we have a browser and it creates a tcp socket to connect

Re: Snooping on sockets/file descriptors

2011-03-31 Thread Vimal
Hi Daniel, How about tcpdump? Thanks for the suggestion. tcpdump is good, but it doesn't solve all problems. There are a few reasons: * TCP packets could arrive out of order * The data needn't belong to a valid TCP connection * The app could just discard data (close/flush/etc) In short,

Re: Snooping on sockets/file descriptors

2011-03-31 Thread Mulyadi Santosa
On Fri, Apr 1, 2011 at 03:04, Vimal j.vi...@gmail.com wrote: Hi Daniel, How about tcpdump? Thanks for the suggestion. tcpdump is good, but it doesn't solve all problems.  There are a few reasons: * TCP packets could arrive out of order * The data needn't belong to a valid TCP