Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

8764.0. "accessing TCP sockets data" by ULYSSE::CATTOLICO () Mon Feb 10 1997 01:56

    Hi,
    
       I would like to know if it is possible
       to look inside a specific socket (being used by an application)
       and: (1) discover if it contains some data,
       (2) "read" these data, without removing them from the socket.
     
       This could help my customer to "debug" a socket application
       he is testing now (using TCP sockets).
    
       I used to do similar things some years ago,
       opening /dev/kmem and seeking to some kernel
       structures which contained this kind of info.
    
       Any suggestions? (if my approach is correct, which are 
       these kernel structures in Digital UNIX 3.2?)
    
       Thanks in advance
           
    Paolo
8764.1. "tcpdump..." by SMURF::MENNER (it's just a box of Pax..) Mon Feb 10 1997 09:00 (3 lines)

    You could use tcpdump to trace the tcp and user data (by specifying a
    larger size with the -s option).  Also you can specify the
    src/dest ports and src/dest host.

8764.2. "something more" by ULYSSE::CATTOLICO () Mon Feb 10 1997 12:08 (13 lines)
    
    Thanks, that's a good idea.
    
    For inspecting blocked sockets (i.e. not sending/receiving any
    data), I was also looking for something
    like "netstat -a", but providing some more details, as
    WHICH DATA are inside the socket.
    Is there a way to do this?
    
    Thanks in advance
    
    Paolo 
                                    
8764.3. "" by SMURF::MENNER (it's just a box of Pax..) Mon Feb 10 1997 14:40 (4 lines)
     
    Can't get the DATA without reading (unlike STREAMS which does have
    the I_PEEK ioctl).  But you can find out how much data is there
    via the FIONREAD ioctl - that is how much is in the RCVBUF.

8764.4. "" by VAXCPU::michaud (Jeff Michaud - ObjectBroker) Mon Feb 10 1997 20:18 (26 lines)

> Can't get the DATA without reading (unlike STREAMS which does have
> the I_PEEK ioctl).  But you can find out how much data is there
> via the FIONREAD ioctl - that is how much is in the RCVBUF.

	??? I was assuming this customer wanted to be able to see what
	the actual data is that is queued up on the socket read queue
	from outside the process that has the socket open and is using it?

	If they do indeed have an open file descriptor that references
	that socket, you can indeed get the queued data w/out having
	the socket layer remove it from the queue:

		nbytes = recv(fd, buf, buflen, MSG_PEEK);

	else you'll have to use tcpdump as suggested before.  To figure
	out what data is unread, use the Recv-Q field from the output
	of netstat to determine the number of unread bytes queued up,
	and look at tcpdump's output and work backwards.  If you wanted
	to do this automatically you could write a tcpdump equiv using
	the packetfilter driver and reading socket data structures out
	of /dev/kmem to get the amount of data queued, ......

	..... in other words, if you could get cooperation from the
	application instead that you want to monitor to have it provide
	you with a dup of the socket you could simply use recv(MSG_PEEK),
	it would be a lot less work :-)
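
The two calls named in replies .3 and .4, FIONREAD and recv() with MSG_PEEK, shown together as an added example that is not part of the original notes. It assumes a process that already holds a descriptor for the socket; a local socketpair stands in for the TCP connection, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

struct peek_result {
    int queued_before;  /* FIONREAD count before peeking */
    ssize_t peeked;     /* bytes copied out by recv(MSG_PEEK) */
    int queued_after;   /* FIONREAD count after peeking (unchanged) */
    ssize_t consumed;   /* bytes taken by the later ordinary recv() */
    int queued_final;   /* FIONREAD count once the data is really read */
};

/* Inspect fd's receive queue without draining it. */
static int inspect_socket(int fd, char *buf, size_t len, struct peek_result *r)
{
    if (ioctl(fd, FIONREAD, &r->queued_before) < 0) return -1;
    if ((r->peeked = recv(fd, buf, len, MSG_PEEK)) < 0) return -1;
    return ioctl(fd, FIONREAD, &r->queued_after);
}

/* Constructed scenario: sv[1] plays the application's socket
 * (assumption: the socketpair stands in for a TCP connection). */
int run_peek_demo(struct peek_result *r, char *peekbuf, size_t len)
{
    static const char msg[] = "constructed sample payload";
    char drain[64];
    int sv[2], rc = -1;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (send(sv[0], msg, sizeof msg - 1, 0) == (ssize_t)(sizeof msg - 1) &&
        inspect_socket(sv[1], peekbuf, len, r) == 0 &&
        (r->consumed = recv(sv[1], drain, sizeof drain, 0)) >= 0 &&
        ioctl(sv[1], FIONREAD, &r->queued_final) == 0)
        rc = 0;
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    struct peek_result r;
    char buf[64];
    if (run_peek_demo(&r, buf, sizeof buf) != 0) { perror("peek demo"); return 1; }
    printf("queued=%d peeked=%zd still queued=%d read=%zd left=%d\n",
           r.queued_before, r.peeked, r.queued_after, r.consumed, r.queued_final);
    return 0;
}
```

The application's own later recv() still sees every byte, so a debugging hook built this way does not disturb the protocol exchange being tested.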

8764.5. "thanks" by ULYSSE::CATTOLICO () Mon Feb 17 1997 05:21 (3 lines)
    thanks a lot
    
    Paolo