|FreeVR: Virtual Reality Integration Library|
SOCKETSPYSection: FreeVR Commands (1FV)
Updated: 17 September 2013
Index Return to Main Contents
The socketspy program is a tool for determining network protocols between devices and software over socket ports. It works as a man-in-the-middle interceptor that outputs data to a terminal or a file while at the same time passing data back and forth between server and client - to allow them to continue to operate.
Data traffic is directional, and so each line of information is preceded with a "From Server:" or "From Client:" if it originated from the server or client, respectively. This is then followed by the number of bytes that are reported on that line.
The default representation of the data is in one byte (two-digit) hexadecimal numbers. By default, after 16 values are printed a new line is begun.
Values for which the high bit is set (0x80 - 0xff) are highlighted in red. This can sometimes make it easier to see patterns in the data. In addition, one other value can be specified as the "flag" value, and it will be highlighted in green. If one knows or has a guess as to what value might always indicate the beginning of a packet, then flagging this byte can make it easier to notice the size of the packets.
There are a number of interactive commands that can be given via live keyboard input to help parse the data as it streams. In particular, if there is an obvious stride to the data, then adjusting the number of bytes per line (the frequency value) can be used to match the stride and view packets more naturally. In addition, the beginning of the line can be (phase) shifted one byte left or right to attempt to line up the beginning of regularly sized packets with the left-most column.
There are three types of information that can be displayed for each byte: the hexadecimal value, the ASCII value and the binary representation. By default socketspy will display only the hexadecimal values. What is displayed can be adjusted both by command-line-arguments, as well as interactively with the keyboard.
Several of the socketspy options can be adjusted live, while data is streaming. These options can then be used to effectively modify the representation of the stream and make it easier to decipher what is going on. The interactive commands are:
'q' - quit '?' - print help information for the interactive keys '+' - increase the frequency '-' - decrease the frequency '>' - shift the phase to the right '<' - shift the phase to the left '0' - print remaining bytes in buffer (essentially a big phase shift left) 'a' - toggle ASCII output display 'b' - toggle binary output display 'h' - toggle hex output display (backspace) - go into passthru mode (from which there currently is no return).NOTE: this feature is disabled when in "passthru" mode.
The program is terminated by pressing the 'q' or interrupt key (usually ^C). (When in pass-thru mode, the 'q' method will not work.)
Other tools that can be helpful for use along-side socketspy are netstat and ss. The netstat -nlup operation informs what UDP ports are currently open, and what programs are using them. Likewise, changing the 'u' option to 't' will report on TCP sockets:
Please note that the socketspy tool cannot be used to intercept network traffic for applications that the user does not have the authority to view. The client application must be specifically set to listen to the port to which socketspy is streaming.
Listen in on the communications between a VRPN server on the localhost listening on the default VRPN port (3883), and then outputting the data on port 6000 (which means the actual VRPN client must be told to connect to the server on port 6000).
socketspy should do a clean exit when an interrupt signal (or others) is received.
We need to figure out how to disable shell processing of keyboard keys, so hitting ^M sends a 0x0d rather than a 0x0a.
Copyright 2013, Bill Sherman, All rights reserved.
This document was created by man2html, using the manual pages.
Time: 05:02:19 GMT, December 13, 2013