"The Linux Gazette...making Linux just a little more fun!"


(?) The Answer Guy (!)


By James T. Dennis,
LinuxCare, http://www.linuxcare.com/


(?) Snooping on a Serial Port

From Rudy Moore on Mon, 11 Oct 1999

How can I snoop what an application is sending and receiving from a serial port?

(!) Look for ttysnoop. Here are a few URLs:
ttysnoop-0.12c-4.i386 RPM
http://rufus.w3.org/linux/RPM/contrib/libc5/i386/ttysnoop-0.12c-4.i386.html
[freshmeat] ttysnoop
http://freshmeat.net/appindex/1999/09/05/936520647.html
Debian GNU/Linux -- ttysnoop
http://www.debian.org/Packages/unstable/admin/ttysnoop.html
You might also look at:
Debian GNU/Linux -- ttylog
http://www.debian.org/Packages/unstable/utils/ttylog.html
... which is a similar program. You could probably use the 'alien' package (http://kitenet.net/programs/alien) to convert the Debian package into some other format (like RPM).
I trust you will be using these for ethical purposes.

(?) (Not sure if you prefer long or short questions, but I can elaborate if you'd like more information.)

Rudy

(!) I prefer questions that provide just enough information that I can answer them. I like them to be just general enough that they will be useful to some significant number of the Linux Gazette readers and to the many people who find my back issues using Yahoo!, Google, Alta Vista, Deja and just specific enough that I can answer them in less than five pages.
Oddly enough yours is the first question I can remember that actually asked what sort of questions I prefer.


(?) More on: Snooping on a Serial Port

From rudy on Wed, 13 Oct 1999

The problem with ttysnoop is that it's heavily oriented toward spying on a network connection - which is different from protocol analysis. The first begs the "ethical?" question, the second implies reverse engineering - or debugging. And I would venture to say that debugging in this manner is really just a form of reverse engineering, so...

I wrote a PERL frontend to strace and have made a pretty darn useful protocol analyser. At some point in the future, I'll post my code so others can benefit from it.

Thanks for the reply! Rudy

(!) I agree that ttysnoop isn't well-suited for protocol analysis. However, I was unable to find any tools specifically for that.
One thing that would be cool would be a modified form of the serial device driver --- one that could used to capture and log data as it is passed from the interface to the userspace process.
This has shades of "STREAMS" gathering like storm clouds over it. The ability to attach filters into the streams of data on UNIX device driver is a major feature of STREAMS. There is an optional set of STREAMS patches (LiS) available for Linux. However, they are not part of the standard interfaces and drivers (and probably never will be).
One of the key arguments against STREAMS in the mainstream Linux kernel is that we have the driver sources available. If we need to add custom filtering, logging, etc, into those at a low level --- we should modify the driver. This prevents the rest of the drivers from suffering from bloat and performance restrictions that would be necessary to fully support the STREAMS infrastructure. (Those are the arguments as I remember and understand them. I'm not a kernel or device driver developer and don't really have a qualified opinion on the whole debate).
Of course, if the 'strace' solution is working for you, then use it. It sounds interesting and useful. However, if 'strace' doesn't do it, or it costs too much load for your purposes, maybe you could use a patched driver.


(?) Another Call for Serial Snooping

From VETTER Joe on Tue, 12 Oct 1999

Hi,

I have a program which communicates through the serial port to a data logger. The program is not very functional and I would like to reproduce it. The problem is I do not know the commands to send to request data from the data logger. I am looking for a program which will monitor the data passing in and out of the serial port, without actually stopping the other program from using the serial port. Any ideas ?

Thanks in Advance

(!) Look for ttysnoop. This is a package that is specifically designed to "listen in on" Linux ttys (serial or console).
Here's the Freshmeat pointer:
http://freshmeat.net/appindex/1999/09/05/936520647.html


Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 48 December 1999
HTML transformation by of Starshine Technical Services, http://www.starshine.org/


[ Answer Guy Current Index ] [ Index of Past Answers ] greetings 1 2 3 5
5 6 7 8 9
10 11 12 13 14 15 16 17 18
19 20 21 22 23 24 25 26 27
28 29 30 31 32 33 34 35 36
37 38 39 40 41 42 43 44 45
46 47 48 49 50 51 52 53 54
55 56 57


[ Table Of Contents ] [ Front Page ] [ Previous Section ] [ Linux Gazette FAQ ] [ Next Section ]