... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.protocols.tcp-ip

TCP and IP network protocols.

14,669 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 12,927 of 14,669

Roy Smith to dbtouch

Re: dup a connected socket

12 Jun 09 18:58:18

   3df61884   
   From: roy@panix.com   
      
   In article   
   <2a86c06c-8192-4bec-b30e-967071ec9213@z20g2000prh.googlegroups.com>,   
    dbtouch  wrote:   
      
   > Hi, Jorgen   
   >   
   > Thank you for reply. Then is there a way to duplicate a connected   
   > socket?   
      
   Jorgen's explanation below is exactly correct.  It sounds like what you   
   want is to have a second process receive a copy of the all the data the   
   first process sees.  There is no way to do this within the Socket API, for   
   precisely the reasons Jorgen outlined.   
      
   Jorgen also hinted at what is probably your best best -- use tcpdump, or   
   perhaps directly access the underlying pcap library directly.   
      
   Another possibility is a hardware solution; use an ethernet bridge which   
   can mirror packets from one port to another.  Perhaps combined with tcpdump   
   or pcap, this would allow you to monitor the packet stream on a third   
   machine (i.e. not the same host as either end of the connection).  Not for   
   the faint of heart, but perhaps something to be considered.   
      
      
      
   >   
   > Thanks,   
   >   
   > YE LIU   
   >   
   >   
   >   
   > On Jun 12, 10:19 am, Jorgen Grahn  wrote:   
   > > On Fri, 12 Jun 2009 06:13:09 -0700 (PDT), dbtouch    
   wrote:   
   > > > Dear fellow programmers,   
   > >   
   > > > I am working a system in which a monitor server log the message   
   > > > exchange between client and server. I am thinking to use dup to   
   > > > duplicate the connected socket and pass the duplicate fd to the   
   > > > monitor server. I assume that any message sent to the original socket,   
   > > > the duplicate socket will also receive it. Before I do a test, I want   
   > > > to hear your opinion.   
   > >   
   > > Think of it in terms of duplicate fds which refer to the same socket,   
   > > rather than duplicate sockets. There is only one TCP state, only one   
   > > set of TX/RX buffers and so on. (Same as with disk files.)   
   > >   
   > > So I think what you want cannot work.  If you have control over the   
   > > server, why do you need to snoop it, anyway?  (Short of debugging it   
   > > using tcpdump, that is).   
   > >   
   > > /Jorgen   
   > >   
   > > --   
   > >   // Jorgen Grahn  > \X/     snipabacken.se>          R'lyeh wgah'nagl fhtagn!   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]