0

I often have to debug processes which involve a server client tcp connection. I'd like to check, during times where a client might seem stuck, whether the server is sending it data or not. I can use:

'netstat -tpe | grep PID_SERVER'

to find the socket for the server, or 'netstat -tlpe | grep PID_CLIENT' to find that of the client. Is there a way to further inspect that particular socket once I identify it? Other than just its State? I feel like Recv-Q or Send-Q might be useful though I'm not sure what it refers to - but in addition to that, what else can I use to diagnose what is going on between them? Was thinking, possibly something in /proc/PID/fd?

Any insight would be appreciated...

Palace Chan
  • 151
  • 1
  • 4
  • The answer depends on what kind of socket you are actually instrumenting. Correlating the output of `ls -l /proc/$PID/fd` and various files in proc, like `/proc/net/tcp` and stuff can be a start. Some information are not stored in sockets, but are attached in route entries/exceptions – BatchyX Apr 20 '13 at 21:50

1 Answers1

1

You should use a packet inspector for this task. One widely used (and my personal favourite) tool is Wireshark.

Colin Pickard
  • 1,260
  • 2
  • 16
  • 28
  • Well you need root permissions for capturing live data. I was thinking more like the comment above. It seems like I have to use something like `netstat -ltpne` with `grep` to find it..and then convert the port to hex to inspect it in `/proc/net/tcp`. – Palace Chan Apr 20 '13 at 23:23