1

I want to debug a program which makes a simple network connection.

Is there any command which will print the network activity of a command, something that will show me (e.g. in a hexdump) what is being sent & received? strace -e trace=%network COMMAND is 90% of the solution; that shows the raw network bytes.
But the formatting is subpar, it includes lots of extra information, and the formatting isn't as easy to read.

It's an active server, so I don't want to tcpdump all network activity, just this one command. I want this printed on the terminal (like strace), rather than having too many commands.

Server is Ubuntu Linux 18.04.

guntbert
Amandasaurus

2 Answers

0

Depending on how long the process runs and keeps the connection open, you can use lsof or ss to see the network connection(s) and source port(s) that a specific application is using, and use that detail to create an appropriate filter for tcpdump.

I imagine strace gives you the same details with regards to source port and destination.

When all relevant network traffic has already been sent before you can craft the appropriate filter(s), consider capturing (much) more detail to a file and then running tcpdump against that pcap file.

Bob
0

Since you mentioned tcpdump it seems that you don't need all (internal) information you get from strace. You probably already know which ports those programs are accessing on the network (I assume https and http just as an example). If that is the case you can use

tcpdump port https or http

(I omitted the second port keyword, tcpdump uses the last given one).
To refine that filter expression, have a look at man (7) pcap-filter.

guntbert
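
An added example, not part of the question or of either answer: a small Python filter that turns the send/receive lines of strace -e trace=%network output into a per-call hexdump, which is the view the question asks for. The trace lines in SAMPLE are constructed; for real use, save a trace with strace's -o FILE option and a large -s value so buffers are not truncated, then pass the file name as the first argument.

```python
import re
import sys

# Matches the data-carrying calls shown by `strace -e trace=%network`.
CALL_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?P<call>sendto|send|recvfrom|recv)'
    r'\((?P<fd>\d+), "(?P<data>(?:[^"\\]|\\.)*)"(?P<trunc>\.\.\.)?, .*\) = \d+')
ESC_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)')
SIMPLE = {'n': 10, 'r': 13, 't': 9, 'v': 11, 'f': 12}

def unescape(s):
    """Turn strace's C-style string literal back into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(s):
        out += s[pos:m.start()].encode('latin-1')
        tok = m.group(1)
        if len(tok) == 3 and tok[0] == 'x':
            out.append(int(tok[1:], 16))
        elif tok[0] in '01234567':
            out.append(int(tok, 8) & 0xFF)
        else:
            out.append(SIMPLE.get(tok, ord(tok)))  # \\ and \" map to themselves
        pos = m.end()
    return bytes(out + s[pos:].encode('latin-1'))

def hexdump(data, width=16):
    """Return hexdump lines: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = ' '.join(f'{b:02x}' for b in chunk)
        text = ''.join(chr(b) if 32 <= b < 127 else '.' for b in chunk)
        lines.append(f'{off:08x}  {hexpart:<{width * 3 - 1}}  |{text}|')
    return lines

def parse(lines):
    """Yield (direction, fd, payload, truncated) for each send/recv line."""
    for m in filter(None, map(CALL_RE.match, lines)):
        direction = '>' if m['call'].startswith('send') else '<'
        yield direction, int(m['fd']), unescape(m['data']), bool(m['trunc'])

# Constructed sample trace (not captured from a real host).
SAMPLE = r'''connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
sendto(3, "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", 38, MSG_NOSIGNAL, NULL, 0) = 38
recvfrom(3, "HTTP/1.1 200 OK\r\n\0\377\1"..., 4096, 0, NULL, NULL) = 1200'''

if __name__ == '__main__':
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for direction, fd, data, trunc in parse(src):
        print(f'{direction} fd {fd}, {len(data)} bytes' + (' (truncated by strace)' if trunc else ''))
        print('\n'.join(hexdump(data)))
```

Lines that carry no string buffer (connect, failed calls, sendmsg/recvmsg structures) are skipped rather than guessed at.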