
mechpen / sockdump

License: Unlicense
Dump unix domain socket traffic with bpf

Programming Languages

python
139335 projects - #7 most used programming language
lua
6591 projects

Projects that are alternatives of or similar to sockdump

Bpftrace
High-level tracing language for Linux eBPF
Stars: ✭ 4,526 (+2728.75%)
Mutual labels:  ebpf, bcc
Tcpdump
the TCPdump network dissector
Stars: ✭ 1,731 (+981.88%)
Mutual labels:  tcpdump, packet-capture
el7-bpf-specs
RPM specs for building bpf related tools on CentOS 7
Stars: ✭ 38 (-76.25%)
Mutual labels:  ebpf, bcc
bpfbox
🐝 BPFBox 📦 Exploring process confinement in eBPF
Stars: ✭ 93 (-41.87%)
Mutual labels:  ebpf, bcc
uprobe-http-tracer
uprobe-based HTTP tracer for Go binaries
Stars: ✭ 45 (-71.87%)
Mutual labels:  ebpf, bcc
tcpslice
tcpslice concatenates multiple pcap files together, or extracts time slices from one or more pcap files.
Stars: ✭ 48 (-70%)
Mutual labels:  tcpdump, packet-capture
rbbcc
BCC port for MRI - this is unofficial bonsai project.
Stars: ✭ 45 (-71.87%)
Mutual labels:  ebpf, bcc
lmp
LMP is a supermarket
Stars: ✭ 228 (+42.5%)
Mutual labels:  ebpf, bcc
iovisor-ovn
IOVisor OVN integration
Stars: ✭ 62 (-61.25%)
Mutual labels:  ebpf
Tanji
Habbo Packet Sniffer/Analyzer
Stars: ✭ 33 (-79.37%)
Mutual labels:  packet-capture
network-tools
Network Tools
Stars: ✭ 27 (-83.12%)
Mutual labels:  tcpdump
go-tc
traffic control in pure go - it allows to read and alter queues, filters and classes
Stars: ✭ 245 (+53.13%)
Mutual labels:  ebpf
postgres-bcc
Set of scripts to monitor PostgreSQL at low level using bcc
Stars: ✭ 37 (-76.87%)
Mutual labels:  bcc
zk-sniffer
sniffer and parse zookeeper packet
Stars: ✭ 38 (-76.25%)
Mutual labels:  packet-capture
pixie-demos
Demos for Pixie: github.com/pixie-io/pixie
Stars: ✭ 106 (-33.75%)
Mutual labels:  ebpf
p2pflow
Ethereum p2p traffic analysis with eBPF
Stars: ✭ 24 (-85%)
Mutual labels:  ebpf
ebpfpub
ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
Stars: ✭ 86 (-46.25%)
Mutual labels:  ebpf
ehids
A Linux Host-based Intrusion Detection System based on eBPF.
Stars: ✭ 210 (+31.25%)
Mutual labels:  ebpf
packiffer
lightweight cross-platform networking toolkit
Stars: ✭ 52 (-67.5%)
Mutual labels:  ebpf
kernel new features
A deep dive into new Linux kernel features, represented by io_uring, cgroup, ebpf and llvm, including open source projects, code examples, articles, videos, architecture mind maps and more
Stars: ✭ 1,094 (+583.75%)
Mutual labels:  ebpf

sockdump

Dump unix domain socket traffic.

Supports STREAM and DGRAM types.

Requirements

  • bcc
  • python bcc bindings

Example

string output

$ sudo ./sockdump.py --format string /var/run/docker.sock
waiting for data
19:23:06.633 >>> process docker [31042 -> 13710] len 81(81)
HEAD /_ping HTTP/1.1
Host: docker
User-Agent: Docker-Client/19.03.5 (linux)

19:23:06.633 >>> process dockerd [13710 -> 31042] len 280(280)
HTTP/1.1 200 OK
Api-Version: 1.40
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Docker-Experimental: false
Ostype: linux
Pragma: no-cache
Server: Docker/19.03.5 (linux)
Date: Fri, 20 Dec 2019 03:23:06 GMT

19:23:06.633 >>> process docker [31042 -> 13710] len 96(96)
GET /v1.40/containers/json HTTP/1.1
Host: docker
User-Agent: Docker-Client/19.03.5 (linux)

19:23:06.633 >>> process dockerd [13710 -> 31042] len 204(204)
HTTP/1.1 200 OK
Api-Version: 1.40
Content-Type: application/json
Docker-Experimental: false
Ostype: linux
Server: Docker/19.03.5 (linux)
Date: Fri, 20 Dec 2019 03:23:06 GMT
Content-Length: 3

[]
^C
4 packets captured
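The following is an added example, not part of sockdump, that parses the string-format output shown above into records and lists the HTTP request lines, so that accesses to a socket such as docker.sock can be reviewed per process and pid. The header pattern, the record field names and the meaning of the two printed length values are this example's own assumptions; the sample input is a constructed, abridged copy of the output above.

```python
import re

# Header line as printed in the README output above. The pattern is this
# example's own assumption about the format, not taken from sockdump's code.
HEADER_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{3}) >>> process (?P<proc>\S+) "
    r"\[(?P<src_pid>\d+) -> (?P<dst_pid>\d+)\] len (?P<len_a>\d+)\((?P<len_b>\d+)\)$")

def parse_sockdump(text):
    """Split string-format output into dicts: header fields plus the payload text.
    len_a is the first printed length, len_b the one in parentheses (meaning not
    stated on the page). Status lines (waiting/^C/packets captured) are skipped."""
    packets, cur, lines = [], None, []
    def flush():
        if cur is not None:
            cur["payload"] = "\n".join(lines).rstrip("\n")
            packets.append(cur)
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            flush()
            cur = {k: (int(v) if k.endswith(("pid", "_a", "_b")) else v)
                   for k, v in m.groupdict().items()}
            lines = []
        elif cur is not None and line != "^C" and not line.endswith("packets captured"):
            lines.append(line)
    flush()
    return packets

def http_requests(packets):
    """(proc, src_pid, method, path) for payloads whose first line is an HTTP request."""
    out = []
    for p in packets:
        parts = p["payload"].split("\n", 1)[0].split(" ")
        if len(parts) == 3 and parts[2].startswith("HTTP/"):
            out.append((p["proc"], p["src_pid"], parts[0], parts[1]))
    return out

# Constructed sample, abridged from the README output above.
SAMPLE = """waiting for data
19:23:06.633 >>> process docker [31042 -> 13710] len 81(81)
HEAD /_ping HTTP/1.1
Host: docker

19:23:06.633 >>> process dockerd [13710 -> 31042] len 280(280)
HTTP/1.1 200 OK
Content-Length: 0

^C
2 packets captured
"""
```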

hexstring output with prefix-based matching

ptp4l and pmc are used to show that sockdump can capture from all sockets whose path starts with '/var/run/p': pmc uses the socket '/var/run/pmc.$PID' and talks to ptp4l, which listens on '/var/run/ptp4l'.

$ sudo ./sockdump.py '/var/run/p*' --format hexstring
waiting for data
10:11:28.968 >>> process pmc [1108317 -> 0] len 74(74)
\x0d\x12\x00\x4a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe9\x5d\x00\x00\x04\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x01\x00\x16\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
10:11:28.968 >>> process ptp4l [896569 -> 0] len 74(74)
\x0d\x12\x00\x4a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x57\xdd\xff\xfe\x07\x93\x21\x00\x00\x00\x00\x04\x7f\x00\x00\x00\x00\x00\x00\x00\x00\xe9\x5d\x00\x00\x02\x00\x00\x01\x00\x16\x20\x00\x01\x00\x00\x01\x80\xf8\xfe\xff\xff\x80\x48\x57\xdd\xff\xfe\x07\x93\x21\x00\x00
^C
2 packets captured

pcap output

$ sudo ./sockdump.py /var/run/docker.sock --format pcap --output dump
waiting for data
^C
8 packets captured
$ wireshark -X lua_script:wireshark/dummy.lua dump
