Thread: 8 messages, 5 authors, 2011-04-04

Snooping on sockets/file descriptors

From: Daniel Baluta <hidden>
Date: 2011-03-31 19:58:13

On Thu, Mar 31, 2011 at 10:29 PM, Vimal [off-list ref] wrote:
> Hi,
>
> Is it possible for an application (say "snoop", with sufficient
> privileges) to monitor data on any socket/file descriptor in the
> system?
>
> Here's an example: suppose we have a browser and it creates a tcp
> socket to connect to a URL. Whenever the browser issues a read() and
> data is pushed to user space, I want "snoop" to get notified and made
> available a copy of the same data that the browser read.
>
> ptrace can be used to do it, but then there are several ways the app
> can read data. It could use read(), or recv() or recvmsg(). Is there
> a better way to deal with this complexity?
>
> It's like the action of "tee" on any socket/file descriptor in the system.

How about tcpdump?

thanks,
Daniel.