Snooping on sockets/file descriptors

Vimal j.vimal at gmail.com
Thu Mar 31 15:29:11 EDT 2011


Hi,

Is it possible for an application (say "snoop", with sufficient
privileges) to monitor data on any socket/file descriptor in the
system?

Here's an example:  suppose we have a browser and it creates a TCP
socket to connect to a URL.  Whenever the browser issues a read() and
data is pushed to user space, I want "snoop" to get notified and be
given a copy of the same data that the browser read.

ptrace can be used to do it, but then there are several ways the app
can read data.  It could use read(), or recv() or recvmsg().  Is there
a better way to deal with this complexity?

It's like the action of "tee" on any socket/file descriptor in the system.

-- 
Vimal



More information about the Kernelnewbies mailing list