Sniffing Unix Domain Sockets

Usually Wireshark is used to sniff packets traversing a network, but how does one sniff a Unix domain socket? Using socat as a proxy is a neat trick to capture the traffic passing through a Unix socket.

In the command below, /tmp/originalsocket is the socket the Unix socket server is listening on, while /tmp/duplicatesocket is the socket that the Unix client should connect to instead. socat sits in between, relays every byte in both directions, and dumps all the transactions in hexadecimal (-x) and text (-v) form. Note that mode=777 makes the duplicate socket connectable by every local user; on anything other than a lab box, narrow that to the user running the client.

sudo socat -t100 -x -v UNIX-LISTEN:/tmp/duplicatesocket,mode=777,reuseaddr,fork UNIX-CONNECT:/tmp/originalsocket
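The same interception idea, written out as an added Python example rather than taken from the post or from socat itself: a small transparent proxy listens on a "duplicate" Unix socket path, connects to the "original" path, relays traffic in both directions, and records each chunk with a socat-style hex dump. The socket paths, the uppercase-echo server standing in for the real Unix socket server, and the client message are all constructed here for the demo; the dump format only approximates socat's -x output.

```python
import os
import socket
import tempfile
import threading


def hexdump(data: bytes, width: int = 16) -> list:
    """Format bytes as offset / hex / ASCII lines, roughly like socat -x."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return lines


class UnixSocketTap:
    """Proxy listen_path -> target_path, logging every chunk in both directions."""

    def __init__(self, listen_path: str, target_path: str):
        self.listen_path = listen_path
        self.target_path = target_path
        self.log = []          # list of (direction, bytes), in arrival order
        self._lock = threading.Lock()
        self._listener = None

    def start(self) -> None:
        """Bind the duplicate socket so clients can connect before we accept."""
        self._listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self._listener.bind(self.listen_path)
        os.chmod(self.listen_path, 0o777)   # mirrors mode=777 in the socat line
        self._listener.listen(1)

    def _pump(self, src: socket.socket, dst: socket.socket, direction: str) -> None:
        """Copy src -> dst until EOF, recording and dumping each chunk."""
        while True:
            data = src.recv(65536)
            if not data:
                break
            with self._lock:
                self.log.append((direction, data))
            for line in hexdump(data):
                print(f"{direction} {line}")
            dst.sendall(data)
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate EOF to the other side
        except OSError:
            pass

    def serve_one(self) -> list:
        """Handle a single client connection (socat's fork handles many)."""
        client, _ = self._listener.accept()
        self._listener.close()
        upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        upstream.connect(self.target_path)
        pumps = [
            threading.Thread(target=self._pump, args=(client, upstream, "client->server")),
            threading.Thread(target=self._pump, args=(upstream, client, "server->client")),
        ]
        for t in pumps:
            t.start()
        for t in pumps:
            t.join()
        client.close()
        upstream.close()
        return list(self.log)


def run_demo():
    """Constructed end-to-end run: echo server, tap in the middle, one client."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "originalsocket")    # stand-in for /tmp/originalsocket
    duplicate = os.path.join(workdir, "duplicatesocket")  # stand-in for /tmp/duplicatesocket

    # Constructed stand-in for the real Unix socket server: uppercase one request, then close.
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(original)
    server.listen(1)

    def serve_upper():
        conn, _ = server.accept()
        conn.sendall(conn.recv(4096).upper())
        conn.close()
        server.close()

    tap = UnixSocketTap(duplicate, original)
    tap.start()
    threads = [threading.Thread(target=serve_upper), threading.Thread(target=tap.serve_one)]
    for t in threads:
        t.start()

    # The client is pointed at the duplicate path, exactly as with the socat proxy.
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(duplicate)
    client.sendall(b"hello unix socket\n")
    reply = b""
    while chunk := client.recv(4096):
        reply += chunk
    client.close()
    for t in threads:
        t.join()
    for path in (original, duplicate):
        os.unlink(path)
    os.rmdir(workdir)
    return tap.log, reply


if __name__ == "__main__":
    captured, answer = run_demo()
    print("reply:", answer, "chunks captured:", len(captured))
```

The tap never inspects or alters payloads, so the client and server behave exactly as they would when connected directly; only the path the client is given changes. That is also the practical limitation of this trick: it works only for clients whose socket path you can redirect.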

About Pratik Sinha

Linux Nerd, Socialist, Atheist, Adventuristic, Nature Lover, Geeky.
