socat is a utility for creating and interfacing with Unix sockets.

Intercepting Unix Socket Data

If you want to see data sent to and from a Unix socket, one way is to proxy the socket on a TCP port, then create a new socket that forwards to this port, and then use tcpdump to capture any traffic.

For example:

## Say we want to see all traffic to /var/socket.sock
## Move the original socket elsewhere
# mv /var/socket.sock /var/socket-org.sock
## Make socat listen on 8888 for the original socket
## bind=127.0.0.1 keeps the listener on loopback, so the socket is not exposed to other hosts
# socat TCP-LISTEN:8888,bind=127.0.0.1,reuseaddr,fork UNIX-CONNECT:/var/socket-org.sock &
## Create a new socket with the original name and proxy all traffic to port 8888, which then gets redirected to the original socket with the first socat
# socat UNIX-LISTEN:/var/socket.sock,fork TCP-CONNECT:127.0.0.1:8888 &
## Dump all traffic on port 8888
# tcpdump -i lo -netvvvXSs 1514 port 8888
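
An added example, not part of the original page: the same move-and-proxy interception done in-process in Python, for hosts where socat or tcpdump is unavailable. It goes beyond the commands above by labelling each captured chunk with its direction. The names `pump`, `tap` and `demo` and the upper-casing stand-in service are constructed for illustration.

```python
import contextlib, os, socket, tempfile, threading

def pump(src, dst, label, log):
    """Copy bytes src -> dst, recording each chunk with its direction label."""
    with contextlib.suppress(OSError):      # a reset or closed peer ends this direction
        while (data := src.recv(4096)):
            log.append((label, data))       # record before forwarding
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)        # pass EOF on to the other side

def tap(listen_path, orig_path, log):
    """Listen on listen_path; relay each client to orig_path, logging both directions."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(listen_path)
    srv.listen(8)
    def serve():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return                      # listener was closed
            up = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            up.connect(orig_path)
            for a, b, label in ((client, up, ">"), (up, client, "<")):
                threading.Thread(target=pump, args=(a, b, label, log), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    """Constructed test: an upper-casing service stands in for the real daemon."""
    d = tempfile.mkdtemp()
    name, moved = os.path.join(d, "socket.sock"), os.path.join(d, "socket-org.sock")
    svc = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    svc.bind(name)
    svc.listen(1)
    def serve_once():
        conn, _ = svc.accept()
        conn.sendall(conn.recv(4096).upper())
        conn.close()
    threading.Thread(target=serve_once, daemon=True).start()
    os.rename(name, moved)                  # same step as the mv above
    log = []
    tap(name, moved, log)                   # new socket under the original name
    c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    c.connect(name)
    c.sendall(b"ping")
    reply = c.recv(4096)
    c.close()
    return reply, log
```

Calling `demo()` returns the client's reply and the captured log. As with the socat version, the replacement socket is created with the proxy process's owner and mode, not the original socket's, so clients that depend on those permissions may need them adjusted.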