Can I monitor a local unix domain socket like tcpdump?


55















I'd like to monitor responses on a unix socket without disturbing the original connections and pipe them to a script for processing.



I know how to do this with tcpdump for tcp connections but I cannot seem to find a solution for local unix sockets.



Is this even possible?










unix domain sockets tcpdump






asked Oct 7 '12 at 20:23 by ck_ (edited Oct 7 '12 at 20:44)

  • Related: Watchdog monitoring UNIX domain socket, triggering events upon specific content

    – kenorb
    Aug 27 '17 at 18:33





























4 Answers
    14







There's a guy that claims to do so by creating an app that acts as a gateway between two sockets and logging all data that flows. So you can't tap on a socket, but if you can restart the service and tune it to use this guy's app, you will be able to see all traffic.

Here is the link to the post: Unix Socket Sniffer

There's another way that needs you to find the process id attached to the socket, then find with lsof the file descriptor of the socket, and then tap the file descriptor using strace.

If you can stop whatever client/server is using the socket and reconfigure it, I would always recommend the first method; the second method is tricky and requires you to tap a current process, which on some apps could cause it to crash.

Hope someone enlightens us with another way :)

Good luck







answered Oct 7 '12 at 21:39 by Valor













  • Yah, you can do the middleman method also with socat but I am hoping for a more direct way without modifying existing settings elsewhere.

    – ck_
    Oct 8 '12 at 1:15

  • Then lsof and strace is the only way I'm aware of. Watch out on production when you detach strace from the process; check that everything keeps running after that.

    – Valor
    Oct 8 '12 at 1:31

  • After some more digging around I found a similar question with some details about why this is not directly possible over on stackoverflow: stackoverflow.com/questions/8394613/…

    – ck_
    Oct 8 '12 at 13:56
































    77














You can use socat.

    sudo mv /path/to/sock /path/to/sock.original
    sudo socat -t100 -x -v UNIX-LISTEN:/path/to/sock,mode=777,reuseaddr,fork UNIX-CONNECT:/path/to/sock.original

What is happening above: first, move the original socket to sock.original. Socat creates a new socket ('UNIX-LISTEN') in the original's location and forwards all to the original ('UNIX-CONNECT'). The -v tells socat to also print output to STDERR.







answered Apr 1 '13 at 15:49 by storoj (edited Apr 10 '14 at 15:15 by gesell)








  • Care to add a little more explanation?

    – Kazark
    Apr 1 '13 at 16:10

  • That's easy when the original unix socket has a path on the filesystem. But what if it's an abstract namespace unix socket that you cannot actually move?

    – Valerio Schiavoni
    Jun 14 '16 at 17:59

























    6














You might also try using strace on one of the processes on either side of the socket, since this will let you watch what is written/read. I found in my production environments, I don't have socat, but do have strace.

For any useful purpose, setting -s to something big is a must.







answered Sep 21 '14 at 23:04 by omnigrok













  • This worked well for me, and easy to do. Use strace -p <pid> to watch a running process.

    – Matt Munson
    Feb 25 '16 at 3:07

  • quick command: strace -s9999 -f $(for i in $( pidof php5-fpm ) ; do echo -n " -p $i "; done ) 2>&1 | tee /tmp/php.log and then run the tests. You have the /tmp/php.log to slowly check if the log is too big. If you are getting too much traffic, do a request with a query-string with your name or something so you can search for it in the logs

    – higuita
    Apr 18 '17 at 16:51

  • @higuita I know it's been a long time, but instead of that loop you can let printf handle the repetition. printf " -p %s" $(pidof php5-fpm) will prefix each pid argument with -p and is much more practical to write.

    – JoL
    Jul 20 '18 at 1:26
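
Added example, not part of the original answers: a Python filter that turns strace output, as produced by the commands in this answer and its comments, back into the raw bytes that crossed one file descriptor, so they can be passed to a script. The function names, fd 7, the pids and the sample lines are constructed for illustration; sendmsg/recvmsg and calls that strace splits into "<unfinished ...>" and "resumed" lines are not handled.

```python
import re

# read/write-style calls: first argument is the fd, second the quoted buffer.
_IO_CALL = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'
    r'(?P<call>read|recv|recvfrom|write|send|sendto)'
    r'\((?P<fd>\d+), "(?P<data>(?:[^"\\]|\\.)*)"(?P<cut>\.\.\.)?'
)
_RESULT = re.compile(r'\)\s+=\s+(-?\d+)')
_INBOUND = {"read", "recv", "recvfrom"}

# Constructed sample in the shape printed by `strace -f -p <pid>`.
SAMPLE = r'''
[pid  4211] read(7, "GET /status HTTP/1.1\r\nHost: app\r\n\r\n", 8192) = 35
[pid  4211] write(7, "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok", 40) = 40
[pid  4211] write(2, "request served\n", 15) = 15
[pid  4211] read(7, "AAAA"..., 8192) = 4096
[pid  4212] read(7, "\0\1\377\"q\"", 8192) = 6
[pid  4212] write(7, "late", 4) = -1 EPIPE (Broken pipe)
[pid  4212] read(7, "", 8192) = 0
'''


def decode_strace_string(text):
    """Turn strace's C-style escapes (\\n, \\", \\0, \\377, \\xff) into bytes."""
    return text.encode("ascii").decode("unicode_escape").encode("latin-1")


def extract_payloads(lines, fd, pid=None):
    """Return (direction, payload, truncated) for each successful I/O call on fd.

    direction is "in" or "out" as seen from the traced process. truncated is
    True when strace cut the string short ("..."), which is why a large -s
    value matters. Lines without a [pid N] prefix pass the pid filter.
    """
    events = []
    for raw in lines:
        line = raw.strip()
        m = _IO_CALL.match(line)
        if not m or int(m["fd"]) != fd:
            continue
        if pid is not None and m["pid"] is not None and int(m["pid"]) != pid:
            continue
        result = _RESULT.search(line, m.end())
        if not result or int(result.group(1)) <= 0:
            continue                        # failed call (-1) or EOF (0)
        direction = "in" if m["call"] in _INBOUND else "out"
        events.append((direction, decode_strace_string(m["data"]), bool(m["cut"])))
    return events


if __name__ == "__main__":
    for event in extract_payloads(SAMPLE.splitlines(), fd=7):
        print(event)
```

The fd to pass is the one lsof reports for the socket in the traced process, as described in the first answer.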






























    0














    # back up the socket
    sudo mv /var/run/docker.sock /var/run/docker.sock.original

    # proxy the original socket through TCP port 8089
    # (bind=127.0.0.1 keeps the Docker API off the other interfaces)
    sudo socat TCP-LISTEN:8089,bind=127.0.0.1,reuseaddr,fork UNIX-CONNECT:/var/run/docker.sock.original

    # recreate the socket at its old path, forwarding to port 8089
    # (run in a second terminal; both socat processes stay in the foreground)
    sudo socat UNIX-LISTEN:/var/run/docker.sock,fork TCP-CONNECT:127.0.0.1:8089

Then: sudo tcpdump -i lo -netvv port 8089






answered 3 mins ago by 任喜军





























