
After some digging on the Internet, I've been unable to find a satisfying solution for my curiosity... Here's the thing: using a shell script, I've been able to obtain a list of IP addresses connected to my computer (ss), along with the names/PIDs of the applications (netstat -pn) listening for those connections (Skype, Chromium, and so on).

Once those applications have received data from a remote server, they "parse" it their way and display it to me (HTML interpreted by the browser, conversations organised by the Skype client, ...), just as they should.

Here's where my curiosity comes in: I think it would be interesting to "eavesdrop" on this data stream coming to the applications, in order to know how each of them communicates over the network (communication protocol, data structure, ...).

Do you know of any way to get an eye on this raw data coming in to be processed by my applications?

Gilles 'SO- stop being evil'
John WH Smith
  • Disclaimer: `What you are doing might be illegal. Read the laws.` – Undo May 08 '13 at 21:41
  • It crossed my mind, indeed. However, I'm not willing to eavesdrop on someone else's connection (as would be the case in a MITM attack). This "raw data" I'm willing to read is sent to me willingly by a remote host (Skype contact, web server, ...), to be treated by an application on my computer. Would it be illegal to read this stream before it reaches the application, considering that the data is intended for me anyway? – May 08 '13 at 21:49
  • If it's going to be your data anyway, I couldn't see anything wrong with it. (But get a lawyer and pay him enough and he could.) – Undo May 08 '13 at 21:54
  • Well, when I think about a web transaction, it doesn't seem illegal to me. Even though Chromium parses the server's answer, I can still read the source code and the HTTP headers using some browser extension, or something like that. What I want is to do the same with other applications: get the RAW answer from the remote host. – May 08 '13 at 21:57
  • I don't see any problem sniffing the traffic of your own applications. If packet inspection became illegal, every application layer firewall and deep packet inspection engine vendor would be out of business. – void_in May 09 '13 at 21:02

1 Answer

Try installing and using the Wireshark network sniffer. It already knows how to parse tons of protocols, and its ability to parse protocols can be expanded.

Nikolai
  • Seems like the best solution indeed. Thank you. I also thought about the tcpdump utility, with the -A option: tcpdump -Ai eth0 'tcp port 12345' – May 09 '13 at 14:47
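The question's shell-script approach (ss to list connections, netstat -pn to map them to processes) and the tcpdump -A command from the comment above can be combined so that the capture is restricted to one application's sockets. The script below is an added example, not code from the question or the answer: it parses the `users:(("name",pid=...,fd=...))` column of `ss -tnp` output, collects the local ports that belong to a named process, and turns them into a BPF filter expression that can be passed to tcpdump or Wireshark. The `ss` output embedded in it is constructed sample data, and the process names, addresses and ports in it are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the original question or answer).
# Build a BPF capture filter covering only the TCP connections owned by one
# process, using the "users:((...))" column printed by `ss -tnp` on Linux.

# Constructed sample of `ss -tnp` output (assumed format; not real data).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      192.0.2.10:41260    198.51.100.9:443   users:(("chromium",pid=2311,fd=61))
ESTAB  0      0      192.0.2.10:41234    198.51.100.5:443   users:(("chromium",pid=2311,fd=57))
ESTAB  0      0      [2001:db8::10]:55120 [2001:db8::7]:12345 users:(("skype",pid=1987,fd=22))'

# app_ports NAME: read `ss -tnp` output on stdin and print the distinct local
# ports used by the process called NAME, one per line, numerically sorted.
# The port is the text after the last ':' of the "Local Address:Port" column,
# which also works for IPv6 addresses written as [addr]:port.
app_ports() {
    awk -v name="$1" '
        $0 ~ ("\"" name "\"") {
            n = split($4, parts, ":")
            print parts[n]
        }' | sort -n -u
}

# bpf_filter NAME: join those ports into an expression such as
#   tcp port 41234 or tcp port 41260
# Prints an empty line when the process has no TCP connections.
bpf_filter() {
    app_ports "$1" | awk '
        { f = (f == "" ? "" : f " or ") "tcp port " $1 }
        END { print f }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | bpf_filter chromium
printf '%s\n' "$SAMPLE_SS" | bpf_filter skype

# Live usage on your own machine (needs root for the capture; not run here):
#   tcpdump -A -i eth0 "$(ss -tnp | bpf_filter chromium)"
# The same expression can be pasted into Wireshark's capture filter field.
```

The filter is a snapshot of the sockets the application holds at the moment `ss` runs, so connections the application opens afterwards are not captured unless the filter is rebuilt; for a long-lived session it is simpler to capture everything and apply the expression as a display filter in Wireshark. Also, for TLS-protected services (most of the sample ports above are 443) `tcpdump -A` shows only the encrypted record layer, and the protocol structure the question asks about is visible only after decryption.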