XWindow Protocol Tracking

Question

XWindow Protocol Tracking

Can I track the XWindow protocol with a tool? I thought wirehark would be a good basis for such an idea, but there seems to be no support. What needs to be done to achieve this goal?

+4

wireshark x11

udslk Nov 18 '10 at 9:56

source share

4 answers

In principle, it is possible to capture the X-Window protocol, which passes through a Unix socket using strace . You can then wrap this package for Wireshark with text2pcap .

Example:

capture X-window protocol frames that are sent to the X server from pid 1998 to a unix socket with file descriptor 41:

 bash$ sudo strace -e trace=read,write -e read=41 -p 1998 2>&1 | grep '^[ ]|' >/tmp/xdata.log

prepare the captured data for wirehark:

 bash$ text2pcap -T 1234,6000 /tmp/xdata.log /tmp/xdata.dump

Now you can use wirehark on /tmp/xdata.dump .

+3

begemotv2718 25 sept. '12 at 15:35

source share

In the 80s there was an open source Xwindow proxy program that will be hosted between the server and the client. It was written in "C" and is easily modified to count the types of messages or the amount of data flowing in each direction. He also acknowledged the incorrect Xprotocol, which can occur when people used the wrong functions in interrupt handlers. I can’t remember the name, but perhaps a search in the “Xwindow proxy server” may help ...

0

Wiggins 10 sept. '14 at 16:07

source share

I'm not sure what the XWindow protocol is, but you can make a Lua Dissector for Wireshark:

http://wiki.wireshark.org/Lua

-1

zsalzbank Dec 05 '10 at 17:15

source share

willyo · Accepted Answer · 2011-02-14T02:34:04+0000

Wireshark has the ability to analyze the X-Window protocol.

However: you must first catch the actual X-Window traffic between the X client (application) and the X server before Wireshark can analyze it.

X-Windows traffic between the application (X-Windows client) and the X-Windows Server running on your local computer probably uses "Unix domain sockets" for direct interprocess communication (IPC) between the client and server. There is no main network protocol, and thus, traffic (AFAIK) is not removed to open Wireshark).

It has been some time since I dealt with X, but I think that it is mainly necessary for the X-Server to work on a box, so that the server listens for (and agrees to accept) network connections. If the Xclient application on the remote node (or local node?) Then connects to XServer over the network, you can capture this traffic to crack Wireshark.

X is complicated; If you are not familiar with the details of X, you will need to read or ask for more information. I have long forgotten the details related to X.

XWindow Protocol Tracking

More articles: