Kind of hard to explain but I noticed when straceing the PID that has the socket open I cannot see any of the communication. How can I sit in the middle of a socket file to watch communication?
Sockets are a kernel API for communication. Using the socket API, you can exchange data between two endpoints over TCP/IP connections, SCTP associations, UDP datagrams, or between two processes (datagram or connection) using Unix domain sockets... Being a kernel API, any interaction with a socket is via system calls ( So typically, More likely, in your case, it's something else. My bet would be that the application is multi-threaded and you're not stracing the right thread. Or it could be that the application is setuid/setgid and not started as superuser. If you want to strace what's being exchanged over Unix domain sockets, the options are:
For the MITM, you could for instance use
Then, you see the X11 traffic that
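The MITM approach this answer describes, as an added example that is not part of the original answer: a small Python relay that listens on one Unix domain socket path, forwards each connection to the real socket, and records every chunk in both directions. The paths, the function names and the echo server inside `demo()` are constructed for illustration; in practice the client has to be pointed at the tap's path instead of the real one.

```python
import os, socket, tempfile, threading

def pump(src, dst, tag, log):
    """Copy bytes src -> dst, recording each chunk with a direction tag."""
    try:
        while chunk := src.recv(4096):
            log.append((tag, chunk))         # record before forwarding
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)         # propagate EOF to the other side
    except OSError:
        pass                                 # peer went away mid-transfer

def start_tap(listen_path, target_path, log):
    """Listen on listen_path and relay every connection to target_path."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(listen_path)
    srv.listen()
    def accept_loop():
        while True:
            client, _ = srv.accept()
            upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            upstream.connect(target_path)
            for a, b, tag in ((client, upstream, ">"), (upstream, client, "<")):
                threading.Thread(target=pump, args=(a, b, tag, log), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def demo():
    """Constructed rig: an upper-casing echo server, the tap, and one client."""
    d = tempfile.mkdtemp()
    real, tap = os.path.join(d, "real.sock"), os.path.join(d, "tap.sock")
    echo = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    echo.bind(real)
    echo.listen()
    def serve():
        conn, _ = echo.accept()
        while data := conn.recv(4096):
            conn.sendall(data.upper())
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    log = []
    start_tap(tap, real, log)
    c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    c.connect(tap)                           # client talks to the tap, not the real socket
    c.sendall(b"hello")
    reply = c.recv(4096)
    c.close()
    return reply, log
```

`">"` marks client-to-server data and `"<"` marks server-to-client data in the returned log.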
You can't "strace a socket", strace works on processes, so you can strace all processes that talk to the socket, but you can't use strace to see absolutely all communication involving the socket. You may be able to get somewhere with dtrace or systemtap if they're available on your OS, but that's quite a bit of work.
strace is not seeing the communication between a socket that I'm sending signals to. I want to be able to sit in the middle of this communication to see what is going on (like strace -p). – josten Jul 14 '13 at 1:13