Sniffing Unix Domain Sockets

Usually Wireshark is used to sniff packets traversing a network, but how does one sniff a Unix domain socket? Using socat as a transparent proxy is a neat trick: socat listens on a second socket, forwards every connection to the real one, and dumps the bytes passing through in both directions.

In the command below, /tmp/originalsocket is the socket the Unix socket server is listening on, and /tmp/duplicatesocket is the new socket the client must be pointed at instead (the client is not intercepted automatically; most programs take the socket path as a flag or environment variable). socat accepts connections on the duplicate, opens a fresh connection to the original for each one (fork), relays both directions, and prints everything that passes through on stderr as a hex dump (-x) with per-chunk direction markers (-v). -t100 makes socat wait 100 seconds after one side closes before tearing down the other, so a slow reply is not cut off. Two caveats: mode=777 makes the duplicate socket reachable by every user on the host, which widens access to whatever the original service exposes, so use a mode no looser than the original socket's (reuseaddr is a TCP option and does nothing for Unix sockets, so it is harmless). And if /tmp/duplicatesocket already exists from an earlier run, the bind fails; remove the stale file first or add socat's unlink-early option.

sudo socat -t100 -x -v UNIX-LISTEN:/tmp/duplicatesocket,mode=777,reuseaddr,fork UNIX-CONNECT:/tmp/originalsocket
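To make clear what socat is doing behind that one-liner, here is the same proxy pattern written in Python with only the standard library. This is an added example, not code from the original post or from the socat project: it listens on a duplicate socket, connects each client to the original socket, relays both directions, and records and hex-dumps every chunk with its direction. The echo server, the socket paths (created in a temporary directory), and the "hello socket" message are constructed stand-ins for a real service and client.

```python
"""Unix-domain-socket sniffing proxy, the idea behind the socat one-liner:
listen on a duplicate socket, forward to the original, dump the traffic."""
import os
import socket
import tempfile
import threading


def hexdump(data, width=16):
    """Format bytes the way socat -x does: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexs = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexs:<{width * 3}} {text}")
    return "\n".join(lines)


class SniffingProxy:
    """Accepts clients on listen_path, connects each to target_path, relays
    both directions and keeps every chunk as (direction, bytes)."""

    def __init__(self, listen_path, target_path, mode=0o600):
        self.listen_path = listen_path
        self.target_path = target_path
        self.captured = []
        self._lock = threading.Lock()
        self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        if os.path.exists(listen_path):
            os.unlink(listen_path)      # same effect as socat's unlink-early
        self._srv.bind(listen_path)
        os.chmod(listen_path, mode)     # socat's mode=...; keep it tight, not 777
        self._srv.listen(8)
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self._srv.accept()
            except OSError:
                return                  # listening socket was closed
            upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            upstream.connect(self.target_path)
            # one relay thread per direction, like socat's two channels
            threading.Thread(target=self._pump, args=(client, upstream, ">"), daemon=True).start()
            threading.Thread(target=self._pump, args=(upstream, client, "<"), daemon=True).start()

    def _pump(self, src, dst, direction):
        while True:
            try:
                data = src.recv(65536)
            except OSError:
                data = b""
            if not data:
                break
            with self._lock:
                self.captured.append((direction, data))
            print(f"{direction} {len(data)} bytes\n{hexdump(data)}")
            try:
                dst.sendall(data)
            except OSError:
                break
        # EOF on one side: shut down the write half of the other, as socat does
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

    def close(self):
        self._srv.close()
        if os.path.exists(self.listen_path):
            os.unlink(self.listen_path)


def _echo_server(path, ready):
    """Constructed stand-in for the real service: replies with the upper-cased input."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data.upper())
    srv.close()


def demo():
    """End-to-end run on constructed sockets; returns (reply, captured chunks)."""
    tmp = tempfile.mkdtemp()
    original = os.path.join(tmp, "originalsocket")
    duplicate = os.path.join(tmp, "duplicatesocket")
    ready = threading.Event()
    threading.Thread(target=_echo_server, args=(original, ready), daemon=True).start()
    ready.wait()
    proxy = SniffingProxy(duplicate, original)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(duplicate)           # the client talks to the duplicate, not the original
    client.sendall(b"hello socket\n")
    reply = client.recv(4096)
    client.close()
    with proxy._lock:
        captured = list(proxy.captured)
    proxy.close()
    os.unlink(original)
    return reply, captured


if __name__ == "__main__":
    print(demo())
```

The two relay threads mirror socat's two channels, and the half-close on EOF is the behaviour the -t option delays. Because the chunks are kept in a list rather than only printed, the same structure can be extended to filter or alter specific messages, which socat alone cannot do.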
