Wireshark · Ethereal-users: Re: [Ethereal-users] capture on Unix Sockets ?

[Guy Harris <guy@xxxxxxxxxx>]

On Mon, Feb 25, 2002 at 02:51:56PM -0700, jim cromie wrote:
> this is a long-shot
>  (it doesnt show up on capture interfaces list)
> but..
> 
> is there any way to capture Unix sockets or FIFOs ?

No.  The reason why UNIX-domain sockets and FIFOs don't show up on
capture interface lists is that there's no network interface involved,
and libpcap can only capture on network interfaces.

> if not, is it reasonable to write a small program to
> open such for reading, and echo stuff to UDP packets ?

You could perhaps do that - unfortunately, if your program reads from
the UNIX-domain socket, it'll probably be the only program able to do
so; if some other program is trying to read from the socket, they won't
both be able to read the same message from the socket at the same time,
as the first one to read it will get the message.

Unless there's some provision in the kernel for the particular OS you're
running for sniffing a UNIX-domain socket (i.e., passively reading from
it, and seeing traffic in *both* directions, without affecting what the
programs that are actively using the socket see), you probably won't be
able to sniff the traffic even with such a program.