[tcpdump-workers] Link-layer header type for unix domain sockets (UDS)

František Kučera konference at frantovo.cz
Sun Mar 24 17:54:39 EDT 2019


On 24. 03. 19 at 22:50, František Kučera wrote:
> On 24. 03. 19 at 13:59, Michael Richardson wrote:
>> I don't see a problem with making up the metadata.
>
> Yes, it works. I attached a screenshot of my current proof-of-concept. 
> I can filter by the socket path, see the metadata in a structured way 
> and it also decodes the data format (DER in this case). But it is an 
> ugly hack with a lot of unused or misused fields and layers (IP, UDP, 
> port numbers, HTTP headers...). I would like to have a proper and 
> clean solution.
The attachment: 
<https://vps.frantovo.cz/temp/uds-wireshark-dirty-hack.png> (just for 
illustration)

