我想要读取(如果你愿意的话可以称为中间人)另一个进程已经打开的套接字上的流量。
我这样做是为了调试目的。
我有一个进程(firefox)正在使用与服务器的连接,lsof 将其描述为
firefox 595 user 84u IPv4 6384178 0t0 TCP 192.168.0.105:43347->server:port (ESTABLISHED)
我认为这个连接是一个长寿命的 http 连接,并且想要读取 Firefox 和服务器发送到其中的文本。
关于如何做,您有什么想法吗?
答案1
您可以使用 监视所有网络连接wireshark。来自man wireshark:
xenial (1) wireshark.1.gz
Provided by: wireshark-qt_2.0.2+ga16e22e-1_i386
NAME
wireshark - Interactively dump and analyze network traffic
SYNOPSIS
wireshark [ -a <capture autostop condition> ] ...
[ -b <capture ring buffer option> ] ... [ -B <capture buffer size> ]
[ -c <capture packet count> ] [ -C <configuration profile> ] [ -D ]
[ --display=<X display to use> ] [ -f <capture filter> ]
[ -g <packet number> ] [ -h ] [ -H ] [ -i <capture interface>|- ]
[ -I ] [ -j ] [ -J <jump filter> ] [ -k ] [ -K <keytab> ] [ -l ] [ -L ]
[ -m <font> ] [ -n ] [ -N <name resolving flags> ]
[ -o <preference/recent setting> ] ... [ -p ] [ -P <path setting>]
[ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ]
[ -S ] [ -t a|ad|adoy|d|dd|e|r|u|ud|udoy ] [ -v ] [ -w <outfile> ]
[ -X <eXtension option> ] [ -y <capture link type> ]
[ -Y <displaY filter> ] [ -z <statistics> ] [ <infile> ]
DESCRIPTION
Wireshark is a GUI network protocol analyzer. It lets you
interactively browse packet data from a live network or from a
previously saved capture file. Wireshark's native capture file format
is pcap format, which is also the format used by tcpdump and various
other tools.