Good Linux TCP/IP monitoring tools that don't need root access?
Problem description
I want to debug TCP/IP interactions for a program I'm enhancing. I don't have root access (so no tcpdump etc), but the app runs under my own id. I could use e.g. strace to intercept the system calls, but are there alternatives worth recommending over that? If so, why - what do they offer? Command line preferred (no X server installed on my PC right now :-(), but curious about GUIs too.
Ideally, it would say:
    app listening on port <portA>
    app listening on port <portB>
    client connection #1 accepted on listening port <portA> to local port <portC>
        from remote <hostX:portXA>
    app sent #1 <number> bytes "<data dump...>"
    app received from client #1 <number> bytes "<data dump...>"
    client #1 closed connection
Would scratch one together myself, but too many wheels to reinvent as is....
Thanks in advance.
UPDATE: both paulrubel and ypnos have made very helpful suggestions... (wish I could accept both answers, as they're distinct and equally good). Code implementing Paul's suggested LD_PRELOAD interception follows:
// TCP comms trace library
// as per http://www.jayconrod.com/cgi/view_post.py?23
// Build as a shared object and load it into the target with LD_PRELOAD.
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <dlfcn.h>

typedef ssize_t (*Recv)(int s, void* buf, size_t len, int flags);
ssize_t recv(int s, void* buf, size_t len, int flags)
{
    static Recv real = NULL;
    if (!real)
        real = (Recv)dlsym(RTLD_NEXT, "recv");  // resolve the real libc recv()
    // size_t prints with %zu and ssize_t with %zd
    fprintf(stderr, "> recv(s '%d', buf %p, len %zu, flags %d)...\n",
            s, buf, len, flags);
    ssize_t result = real(s, buf, len, flags);
    fprintf(stderr, "< recv(s '%d', buf %p, len %zu, flags %d) return %zd\n",
            s, buf, len, flags, result);
    return result;
}

typedef ssize_t (*Send)(int s, const void* buf, size_t len, int flags);
ssize_t send(int s, const void* buf, size_t len, int flags)
{
    static Send real = NULL;
    if (!real)
        real = (Send)dlsym(RTLD_NEXT, "send");
    fprintf(stderr, "> send(s '%d', buf %p, len %zu, flags %d)...\n",
            s, buf, len, flags);
    ssize_t result = real(s, buf, len, flags);
    // the return trace is labelled send, not recv
    fprintf(stderr, "< send(s '%d', buf %p, len %zu, flags %d) return %zd\n",
            s, buf, len, flags, result);
    return result;
}

typedef int (*Connect)(int s, const struct sockaddr* serv_addr, socklen_t addrlen);
int connect(int s, const struct sockaddr* serv_addr, socklen_t addrlen)
{
    static Connect real = NULL;
    if (!real)
        real = (Connect)dlsym(RTLD_NEXT, "connect");
    fprintf(stderr, "> connect(s %d, sockaddr %p, addrlen %u)\n",
            s, (void*)serv_addr, (unsigned)addrlen);
    int result = real(s, serv_addr, addrlen);
    fprintf(stderr, "< connect(s %d, sockaddr %p, addrlen %u) return %d\n",
            s, (void*)serv_addr, (unsigned)addrlen, result);
    return result;
}

// accept() fills in the address, so the pointer type is not const
typedef int (*Accept)(int s, struct sockaddr* serv_addr, socklen_t* addrlen);
int accept(int s, struct sockaddr* serv_addr, socklen_t* addrlen)
{
    static Accept real = NULL;
    if (!real)
        real = (Accept)dlsym(RTLD_NEXT, "accept");
    fprintf(stderr, "> accept(s %d, sockaddr %p, addrlen %p)\n",
            s, (void*)serv_addr, (void*)addrlen);
    int result = real(s, serv_addr, addrlen);
    // callers may pass NULL for addrlen, so only dereference it when set
    fprintf(stderr, "< accept(s %d, sockaddr %p, addrlen %p -> %u) return %d\n",
            s, (void*)serv_addr, (void*)addrlen,
            addrlen ? (unsigned)*addrlen : 0u, result);
    return result;
}
Recommended answer
There is no way to intercept socket connections even if you're running on the same user id as the victim program.
What you need to do is:
- Let your own program print socket numbers etc.
- Let your program connect to another program that in fact tunnels the connection to the real destination. There you can dump all the data sent/received.
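The tunnelling suggestion in the answer above, as an added example (not code from the original post or its author): the core of a logging relay that copies bytes between an accepted client socket and a socket already connected to the real destination, writing each chunk in the shape the question asks for. The names `relay`, `pump` and `log_chunk` are hypothetical, and the listen/accept/connect setup is assumed to be done by the caller.

```c
#include <ctype.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Added example; all names are hypothetical. Logs: <who> sent <n> bytes "<data>" */
static void log_chunk(FILE *log, const char *who, const unsigned char *p, size_t n)
{
    fprintf(log, "%s sent %zu bytes \"", who, n);
    for (size_t i = 0; i < n; i++)          /* non-printable bytes become \xNN */
        fprintf(log, isprint(p[i]) && !strchr("\"\\", p[i]) ? "%c" : "\\x%02x", p[i]);
    fputs("\"\n", log);
}

/* Forward one read from src to dst. Returns bytes moved, 0 on EOF, -1 on error. */
static ssize_t pump(int src, int dst, const char *who, FILE *log)
{
    unsigned char buf[4096];
    ssize_t n = recv(src, buf, sizeof buf, 0);
    if (n == 0) {                           /* sender is done: pass the EOF on */
        fprintf(log, "%s closed connection\n", who);
        shutdown(dst, SHUT_WR);
    } else if (n > 0) {
        log_chunk(log, who, buf, (size_t)n);
        for (ssize_t off = 0, w; off < n; off += w)   /* cope with short writes */
            if ((w = send(dst, buf + off, (size_t)(n - off), MSG_NOSIGNAL)) < 0)
                return -1;
    }
    return n;
}

/* Relay an accepted client and an upstream socket until both close; returns bytes relayed or -1. */
long relay(int client, int server, FILE *log)
{
    int fd[2] = { client, server };
    struct pollfd pfd[2] = { { client, POLLIN, 0 }, { server, POLLIN, 0 } };
    long total = 0;
    for (int open_dirs = 2; open_dirs > 0; ) {
        if (poll(pfd, 2, -1) < 0) return -1;
        for (int i = 0; i < 2; i++) {
            if (!pfd[i].revents) continue;
            ssize_t n = pump(fd[i], fd[1 - i], i ? "server" : "client", log);
            if (n < 0) return -1;
            if (n == 0) { pfd[i].fd = -1; open_dirs--; }   /* poll() skips fd < 0 */
            total += n;
        }
    }
    return total;
}
```

Only ordinary unprivileged sockets are involved, so the relay runs under the same user id as the program being debugged, which is pointed at the relay's listening port instead of the real destination.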