On Fri, Apr 1, 2011 at 03:04, Vimal <j.vimal@xxxxxxxxx> wrote: > Hi Daniel, > >> >> How about tcpdump? >> > > Thanks for the suggestion. > > tcpdump is good, but it doesn't solve all problems. There are a few reasons: > > * TCP packets could arrive out of order > * The data needn't belong to a valid TCP connection > * The app could just discard data (close/flush/etc) > > In short, there is a lot of state and complex logic which act on the > packets before it is seen by the application. then, something like dtrace or systemtap? IMO you're looking for kinda combo of kernel mode + user land "sniffer"... the user land sniffer, in it's very simple form, is by using LD_PRELOAD ... -- regards, Mulyadi Santosa Freelance Linux trainer and consultant blog: the-hydra.blogspot.com training: mulyaditraining.blogspot.com _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
