Re: detecting sockets
- Subject: Re: detecting sockets
- From: Thomas Drake <email@hidden>
- Date: Sat, 4 Dec 2004 11:23:54 -0800
Quinn,
On Nov 24, 2004, at 3:31 AM, Quinn wrote:

> At 12:28 -0800 16/11/04, Thomas Drake wrote:
>> I'm really looking for a 100% reliable method for finding what
>> sockets are opened for a given duration.
>
> What version of Mac OS X are you targeting?

Definitely 10.2 & 10.3 & 10.4.
10.1 and prior, not so much.

> Do you care about sockets created by kernel code?

Not so much.

> What are you using this information for?

This information would be used to determine which web-like
application owns packets that are coming and going. I'm working on a
web monitor that sniffs packets using libpcap. For the packets I find,
I need to distinguish between users' requests and requests from
background processes (by matching port to socket to process). Then,
I need to distinguish which browser owns which packet... I have this
working using the standard command-line utils, but I frequently miss
sockets with a short life-span. I've experimented a bit, and found that
even rapid polling over netstat/fstat misses some sockets. To make this
work, I think I only need to know about every socket that successfully
'connects'.

> It's very unlikely that you'll be able to get this information in a
> reliable way (that is, a way that will get all sockets and be binary
> compatible with future versions of Mac OS X). However, if you can
> give me a little background about the big picture, I might be able to
> offer some suggestions.

Thanks for responding!
thomas
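
The port-to-socket-to-process matching described in the message above, as an added example that is not part of the original post. It assumes the polled snapshots come from `lsof -nP -iTCP` (the post names only netstat/fstat); the snapshots, packet tuples and function names are constructed for illustration, and the 49235 flow shows a socket that lived between two polls and so has no owner.

```python
import re

# NAME column of a connected TCP socket in lsof output: local->remote
CONN = re.compile(r"(\S+):(\d+)->(\S+):(\d+)")

# Constructed snapshots (assumed `lsof -nP -iTCP` format), one per poll.
HEADER = "COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME\n"
POLL_1 = HEADER + (
    "Safari 412 tom 23u IPv4 0x01 0t0 TCP 192.168.1.5:49231->203.0.113.10:80 (ESTABLISHED)\n"
    "httpd 90 root 16u IPv4 0x02 0t0 TCP *:80 (LISTEN)\n")
POLL_2 = POLL_1 + (
    "updater 518 tom 5u IPv4 0x03 0t0 TCP 192.168.1.5:49240->198.51.100.7:80 (ESTABLISHED)\n")

# Constructed sniffed packets as (src, sport, dst, dport). The 49235 flow
# opened and closed between the two polls, so no snapshot ever lists it.
PACKETS = [
    ("192.168.1.5", 49231, "203.0.113.10", 80),
    ("203.0.113.10", 80, "192.168.1.5", 49231),
    ("192.168.1.5", 49235, "203.0.113.10", 80),
    ("192.168.1.5", 49240, "198.51.100.7", 80),
]

def parse_snapshot(text):
    """Return {(local_ip, local_port, remote_ip, remote_port): (pid, command)}."""
    owners = {}
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        m = CONN.fullmatch(fields[8]) if len(fields) > 8 else None
        if m:                                      # listeners have no "->" and are skipped
            lip, lport, rip, rport = m.groups()
            owners[(lip, int(lport), rip, int(rport))] = (int(fields[1]), fields[0])
    return owners

def attribute(packets, snapshots):
    """Split packets into (owned, unowned) using every polled snapshot."""
    owners = {}
    for text in snapshots:
        owners.update(parse_snapshot(text))
    owned, unowned = [], []
    for src, sport, dst, dport in packets:
        # Key on the full 4-tuple, in either direction; a bare port would
        # also match other connections that share it (e.g. remote port 80).
        who = owners.get((src, sport, dst, dport)) or owners.get((dst, dport, src, sport))
        (owned if who else unowned).append(((src, sport, dst, dport), who))
    return owned, unowned

if __name__ == "__main__":
    owned, unowned = attribute(PACKETS, [POLL_1, POLL_2])
    for flow, who in owned + unowned:
        print(flow, "->", who or "no owner in any snapshot")
```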