{"id":13775558,"url":"https://github.com/mechpen/sockdump","last_synced_at":"2025-10-24T13:24:50.526Z","repository":{"id":38751631,"uuid":"150222936","full_name":"mechpen/sockdump","owner":"mechpen","description":"Dump unix domain socket traffic with bpf","archived":false,"fork":false,"pushed_at":"2023-12-11T08:02:04.000Z","size":248,"stargazers_count":385,"open_issues_count":2,"forks_count":52,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-29T12:06:12.280Z","etag":null,"topics":["bcc","ebpf","packet-capture","tcpdump","unix-domain-socket"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mechpen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-09-25T07:13:57.000Z","updated_at":"2025-03-13T18:49:59.000Z","dependencies_parsed_at":"2023-11-07T05:44:29.375Z","dependency_job_id":null,"html_url":"https://github.com/mechpen/sockdump","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mechpen%2Fsockdump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mechpen%2Fsockdump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mechpen%2Fsockdump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mechpen%2Fsockdump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mechpen","download_url":"https://codeload.github.com/mechpen/sockdump/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247339158,"owners_count":20923014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bcc","ebpf","packet-capture","tcpdump","unix-domain-socket"],"created_at":"2024-08-03T17:01:41.227Z","updated_at":"2025-10-24T13:24:50.436Z","avatar_url":"https://github.com/mechpen.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"eec238a1a2657b70f7bbbe68a4421249\"\u003e\u003c/a\u003e其他","Python"],"sub_categories":["\u003ca id=\"b239f12aca7aa942b45836032cbef99a\"\u003e\u003c/a\u003e转换"],"readme":"# sockdump\n\nDump unix domain socket traffic.\n\nSupports STREAM and DGRAM types.\n\n## Requirement\n\n- bcc\n- python bcc bindings\n\n## Example\n\n### string output\n\n```\n$ sudo ./sockdump.py --format string /var/run/docker.sock\nwaiting for data\n19:23:06.633 \u003e\u003e\u003e process docker [31042 -\u003e 13710] len 81(81)\nHEAD /_ping HTTP/1.1\nHost: docker\nUser-Agent: Docker-Client/19.03.5 (linux)\n\n19:23:06.633 \u003e\u003e\u003e process dockerd [13710 -\u003e 31042] len 280(280)\nHTTP/1.1 200 OK\nApi-Version: 1.40\nCache-Control: no-cache, no-store, must-revalidate\nContent-Length: 0\nContent-Type: text/plain; charset=utf-8\nDocker-Experimental: false\nOstype: linux\nPragma: no-cache\nServer: Docker/19.03.5 (linux)\nDate: Fri, 20 Dec 2019 03:23:06 GMT\n\n19:23:06.633 \u003e\u003e\u003e process docker [31042 -\u003e 13710] len 96(96)\nGET /v1.40/containers/json HTTP/1.1\nHost: docker\nUser-Agent: Docker-Client/19.03.5 (linux)\n\n19:23:06.633 \u003e\u003e\u003e process dockerd [13710 -\u003e 31042] len 204(204)\nHTTP/1.1 200 OK\nApi-Version: 1.40\nContent-Type: application/json\nDocker-Experimental: false\nOstype: linux\nServer: Docker/19.03.5 (linux)\nDate: Fri, 20 Dec 2019 03:23:06 GMT\nContent-Length: 3\n\n[]\n^C\n4 packets captured\n```\n\n### hexstring output with prefix-based matching\n\n`ptp4l` + `pmc` used to show that sockdump can capture from all sockets starting with '/var/run/p',\nas pmc uses '/var/run/pmc.$PID' socket and talks to ptp4l that listens on '/var/run/ptp4l'.\n```\n$ sudo ./sockdump.py '/var/run/p*' --format hexstring\nwaiting for data\n10:11:28.968 \u003e\u003e\u003e process pmc [1108317 -\u003e 0] len 74(74)\n\\x0d\\x12\\x00\\x4a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe9\\x5d\\x00\\x00\\x04\\x7f\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x16\\x20\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n10:11:28.968 \u003e\u003e\u003e process ptp4l [896569 -\u003e 0] len 74(74)\n\\x0d\\x12\\x00\\x4a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x48\\x57\\xdd\\xff\\xfe\\x07\\x93\\x21\\x00\\x00\\x00\\x00\\x04\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe9\\x5d\\x00\\x00\\x02\\x00\\x00\\x01\\x00\\x16\\x20\\x00\\x01\\x00\\x00\\x01\\x80\\xf8\\xfe\\xff\\xff\\x80\\x48\\x57\\xdd\\xff\\xfe\\x07\\x93\\x21\\x00\\x00\n^C\n2 packets captured\n```\n\n### pcap output\n\n```\n$ sudo ./sockdump.py /var/run/docker.sock --format pcap --output dump\nwaiting for data\n^C\n8 packets captured\n$ wireshark -X lua_script:wireshark/dummy.lua dump\n```\n![wireshark](wireshark/wireshark.jpg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmechpen%2Fsockdump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmechpen%2Fsockdump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmechpen%2Fsockdump/lists"}