josh0yeh/sockdump
forked from mechpen/sockdump

sockdump

Dump unix domain socket traffic.

Requirement

  • bcc

Example

string output

$ sudo ./sockdump.py /var/run/docker.sock # run "docker ps" in another terminal
>>> docker[3412] len 83
GET /_ping HTTP/1.1
Host: docker
User-Agent: Docker-Client/18.06.1-ce (linux)

>>> dockerd[370] len 215
HTTP/1.1 200 OK
Api-Version: 1.38
Docker-Experimental: false
Ostype: linux
Server: Docker/18.06.1-ce (linux)
Date: Tue, 25 Sep 2018 07:05:03 GMT
Content-Length: 2
Content-Type: text/plain; charset=utf-8

OK>>> docker[3412] len 99
GET /v1.38/containers/json HTTP/1.1
Host: docker
User-Agent: Docker-Client/18.06.1-ce (linux)

>>> dockerd[370] len 207
HTTP/1.1 200 OK
Api-Version: 1.38
Content-Type: application/json
Docker-Experimental: false
Ostype: linux
Server: Docker/18.06.1-ce (linux)
Date: Tue, 25 Sep 2018 07:05:03 GMT
Content-Length: 3

[]
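The string output above is a sequence of records, each a `>>> <comm>[<pid>] len <n>` header followed by exactly n raw payload bytes (note the `OK>>> docker[3412]` line: the body `OK` has no trailing newline, so the next header starts on the same line). The following is an added example, not part of sockdump itself: a length-driven parser for that format, plus a small summary of which process sent which HTTP request lines, which is the question an operator usually has when watching `/var/run/docker.sock`. The sample stream is constructed from the README exchange with CRLF line endings restored; the record layout is inferred from the output shown above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Record header as it appears in sockdump's string output (inferred from the
# README example): ">>> <comm>[<pid>] len <n>\n" then exactly n payload bytes.
HEADER = re.compile(rb">>> (?P<comm>[^\[\n]+)\[(?P<pid>\d+)\] len (?P<len>\d+)\n")


@dataclass
class Record:
    comm: str       # name of the sending process
    pid: int
    length: int     # declared payload length in bytes
    payload: bytes


def parse_stream(data: bytes) -> List[Record]:
    """Parse a sockdump string-output stream into records.

    The payload is consumed by its declared length instead of by searching for
    the next '>>>', so bodies that contain '>>>' themselves or that end without
    a newline (the 'OK' body in the README) are split correctly.
    """
    records: List[Record] = []
    pos = 0
    while pos < len(data):
        m = HEADER.match(data, pos)
        if m is None:
            raise ValueError(f"expected record header at offset {pos}")
        n = int(m.group("len"))
        start = m.end()
        payload = data[start:start + n]
        if len(payload) != n:
            raise ValueError(f"truncated record at offset {start}: wanted {n}, got {len(payload)}")
        records.append(Record(m.group("comm").decode(), int(m.group("pid")), n, payload))
        pos = start + n
    return records


def http_request_lines(records: List[Record]) -> Dict[Tuple[str, int], List[str]]:
    """Group HTTP request lines by (comm, pid): which process asked the daemon for what."""
    out: Dict[Tuple[str, int], List[str]] = {}
    for r in records:
        first = r.payload.split(b"\r\n", 1)[0]
        if first.startswith((b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ")):
            out.setdefault((r.comm, r.pid), []).append(first.decode("ascii", "replace"))
    return out


# Constructed sample: the docker exchange from the README, with CRLF line
# endings so that the declared lengths (83, 215, 99, 207) match the bodies.
_DOCKER_EXCHANGE = [
    ("docker", 3412, "GET /_ping HTTP/1.1\r\nHost: docker\r\n"
                     "User-Agent: Docker-Client/18.06.1-ce (linux)\r\n\r\n"),
    ("dockerd", 370, "HTTP/1.1 200 OK\r\nApi-Version: 1.38\r\nDocker-Experimental: false\r\n"
                     "Ostype: linux\r\nServer: Docker/18.06.1-ce (linux)\r\n"
                     "Date: Tue, 25 Sep 2018 07:05:03 GMT\r\nContent-Length: 2\r\n"
                     "Content-Type: text/plain; charset=utf-8\r\n\r\nOK"),
    ("docker", 3412, "GET /v1.38/containers/json HTTP/1.1\r\nHost: docker\r\n"
                     "User-Agent: Docker-Client/18.06.1-ce (linux)\r\n\r\n"),
    ("dockerd", 370, "HTTP/1.1 200 OK\r\nApi-Version: 1.38\r\nContent-Type: application/json\r\n"
                     "Docker-Experimental: false\r\nOstype: linux\r\n"
                     "Server: Docker/18.06.1-ce (linux)\r\n"
                     "Date: Tue, 25 Sep 2018 07:05:03 GMT\r\nContent-Length: 3\r\n\r\n[]\n"),
]


def sample_stream() -> bytes:
    """Serialise the constructed exchange in sockdump's string-output format."""
    out = b""
    for comm, pid, body in _DOCKER_EXCHANGE:
        b = body.encode()
        out += f">>> {comm}[{pid}] len {len(b)}\n".encode() + b
    return out


if __name__ == "__main__":
    recs = parse_stream(sample_stream())
    for r in recs:
        print(f"{r.comm}[{r.pid}] {r.length} bytes")
    print(http_request_lines(recs))
```

Because the parser trusts the declared length, a stream cut off mid-record fails loudly instead of yielding a short payload; piping `sockdump.py` output into `parse_stream` is therefore a reasonable way to audit docker.sock clients, since anything that can reach that socket is effectively root on the host.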

pcap output

$ sudo ./sockdump.py /var/run/docker.sock --format pcap --output dump
^C
16 packets captured
$ wireshark-gtk -X lua_script:wireshark/dummy.lua dump

(screenshot: the pcap capture opened in Wireshark)
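A unix-socket payload has no Ethernet or IP header, so a pcap of it has to use a link-layer type that Wireshark does not decode on its own; that is why the command above passes a Lua script. The block below is an added example, not sockdump's own writer, and it assumes the DLT_USER0 link type (147, one of the values libpcap reserves for user-defined dissectors); the link type sockdump actually writes and the contents of wireshark/dummy.lua are not shown on this page. It writes (timestamp, payload) pairs as a classic pcap file and reads them back, refusing truncated records. The two payloads are constructed from the README's `/_ping` exchange.

```python
import struct
from typing import List, Tuple

# Classic libpcap file format constants.
PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as read little-endian from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1   # same bytes from a big-endian file
DLT_USER0 = 147              # assumed link type for raw unix-socket payloads


def write_pcap(packets: List[Tuple[float, bytes]], linktype: int = DLT_USER0) -> bytes:
    """Serialise (timestamp, payload) pairs as a little-endian pcap file."""
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, linktype)
    for ts, payload in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out


def read_pcap(data: bytes) -> Tuple[int, List[Tuple[float, bytes]]]:
    """Parse a pcap file into (linktype, [(timestamp, payload), ...]).

    Both byte orders are accepted; a truncated trailing record raises instead
    of silently returning a short payload.
    """
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (unknown magic)")
    _, _major, _minor, _zone, _sig, _snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    pos = 24
    packets: List[Tuple[float, bytes]] = []
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError(f"truncated record header at offset {pos}")
        sec, usec, incl, _orig = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        payload = data[pos:pos + incl]
        if len(payload) != incl:
            raise ValueError(f"truncated record payload at offset {pos}")
        packets.append((sec + usec / 1_000_000, payload))
        pos += incl
    return linktype, packets


# Constructed sample: the /_ping request and reply from the README, with
# arbitrary timestamps (labelled constructed, not taken from a real capture).
SAMPLE_PACKETS = [
    (1537859103.5, b"GET /_ping HTTP/1.1\r\nHost: docker\r\n"
                   b"User-Agent: Docker-Client/18.06.1-ce (linux)\r\n\r\n"),
    (1537859103.75, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK"),
]


def roundtrip(packets: List[Tuple[float, bytes]]) -> Tuple[int, List[Tuple[float, bytes]]]:
    """Write the packets to pcap bytes and parse them back."""
    return read_pcap(write_pcap(packets))


if __name__ == "__main__":
    linktype, pkts = roundtrip(SAMPLE_PACKETS)
    print(f"linktype {linktype}, {len(pkts)} packets captured")
    for ts, payload in pkts:
        print(ts, payload[:40])
```

Opening such a file in Wireshark without a dissector registered for the user link type shows each frame as undecoded data, which is the situation a `-X lua_script:` argument is meant to fix; the writer deliberately keeps `incl_len` equal to `orig_len` so nothing is silently truncated at the snaplen.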

Limitations

$ grep FIXME: sockdump.py
# FIXME: sock path is relative
# FIXME: optimize filter

Languages

  • Python 91.1%
  • Lua 8.9%