On Thu, Mar 31, 2011 at 10:29 PM, Vimal <j.vimal@xxxxxxxxx> wrote: > Hi, > > Is it possible for an application (say "snoop", with sufficient > privileges) to monitor data on any socket/file descriptor in the > system? > > Here's an example: suppose we have a browser and it creates a tcp > socket to connect to a URL. Whenever the browser issues a read() and > data is pushed to user space, I want "snoop" to get notified and made > available a copy of the same data that the browser read. > > ptrace can be used to do it, but then there are several ways the app > can read data. It could use read(), or recv() or recvmsg(). Is there > a better way to deal with this complexity? > > It's like the action of "tee" on any socket/file descriptor in the system. How about tcpdump? thanks, Daniel. _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
