Using "t" on a socket already in use by another process

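I want to read (man-in-the-middle, if you like) the traffic on a socket that another process has already opened.

I am doing this for debugging purposes.

I have a process (firefox) that is using a connection to a server, which lsof describes as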

 firefox   595 user   84u  IPv4 6384178      0t0  TCP 192.168.0.105:43347->server:port (ESTABLISHED)

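I believe this connection is a long-lived http connection, and I would like to read the text that Firefox and the server send over it.

Do you have any ideas on how to do this?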

Answer 1

You can monitor all network connections using wireshark. From man wireshark:

xenial (1) wireshark.1.gz
Provided by: wireshark-qt_2.0.2+ga16e22e-1_i386 

NAME
       wireshark - Interactively dump and analyze network traffic

SYNOPSIS
       wireshark [ -a <capture autostop condition> ] ...
       [ -b <capture ring buffer option> ] ...  [ -B <capture buffer size> ]
       [ -c <capture packet count> ] [ -C <configuration profile> ] [ -D ]
       [ --display=<X display to use> ]  [ -f <capture filter> ]
       [ -g <packet number> ] [ -h ] [ -H ] [ -i <capture interface>|- ]
       [ -I ] [ -j ] [ -J <jump filter> ] [ -k ] [ -K <keytab> ] [ -l ] [ -L ]
       [ -m <font> ] [ -n ] [ -N <name resolving flags> ]
       [ -o <preference/recent setting> ] ...  [ -p ] [ -P <path setting>]
       [ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ]
       [ -S ] [ -t a|ad|adoy|d|dd|e|r|u|ud|udoy ] [ -v ] [ -w <outfile> ]
       [ -X <eXtension option> ] [ -y <capture link type> ]
       [ -Y <displaY filter> ] [ -z <statistics> ] [ <infile> ]

DESCRIPTION
       Wireshark is a GUI network protocol analyzer.  It lets you
       interactively browse packet data from a live network or from a
       previously saved capture file.  Wireshark's native capture file format
       is pcap format, which is also the format used by tcpdump and various
       other tools.
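
To narrow a capture to one process's connections instead of all traffic, the lsof lines from the question can be turned into a capture filter for the `-f` option listed in the synopsis above. This is an added example, not part of the original answer; the function names and the sample lines other than the question's own are constructed for illustration.

```shell
#!/bin/sh
# Build a pcap capture filter from lsof TCP lines read on stdin.
# Only ESTABLISHED connections are used; the filter matches their local ports.
lsof_to_capture_filter() {
    awk '
        # The NAME column looks like "local:port->remote:port", then "(ESTABLISHED)".
        $NF == "(ESTABLISHED)" && $(NF-1) ~ /->/ {
            split($(NF-1), ends, "->")
            n = split(ends[1], loc, ":")   # port is the last ":" field (also for IPv6)
            port = loc[n]
            if (port ~ /^[0-9]+$/ && !(port in seen)) {
                seen[port] = 1
                if (filter != "") filter = filter " or "
                filter = filter "port " port
            }
        }
        END { if (filter != "") print "tcp and (" filter ")" }
    '
}

# Constructed sample input: the first data line is the one from the question,
# the rest are made up to show header, LISTEN and duplicate handling.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
firefox   595 user   84u  IPv4 6384178      0t0  TCP 192.168.0.105:43347->server:port (ESTABLISHED)
firefox   595 user   85u  IPv4 6384190      0t0  TCP 192.168.0.105:43350->server:port (ESTABLISHED)
firefox   595 user   86u  IPv4 6384178      0t0  TCP 192.168.0.105:43347->server:port (ESTABLISHED)
firefox   595 user   90u  IPv4 6384200      0t0  TCP *:8080 (LISTEN)
EOF
}

# Show the filter for the sample input.
sample_lsof | lsof_to_capture_filter

# Live use (the interface name is a placeholder to fill in):
#   wireshark -k -i <capture interface> \
#       -f "$(lsof -nP -iTCP -a -p 595 | lsof_to_capture_filter)"
```

A capture started this way only sees packets sent after it begins, so earlier traffic on a long-lived connection is not recovered.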
