Welcome to http://sockspy.sourceforge.net/

This is release 2.0 of Tom Poindexter’s Sockspy utility. Among the new features in this release are:

Reorganized GUI to use one pane with different colors
Can also run as a command-line utility with no GUI
You can stop, start and change the socket forwarding from within the program

Where to get Sockspy

You can download the latest version of Sockspy from its project page here. The old version 1.0 can be gotten here.

What is Sockpy?

To quote Tom Poindexter's original README file:

Sockspy lets you watch the conversation of a Tcp client and server. Sockspy acts much like a gateway: it waits for a Tcp connection, then connects to the real server. Data from the client is passed onto the server, and data from the server is passed onto the client.

Along the way, the data streams are also displayed in text widget with data sent from the client displayed in green, data from the server in blue and connection metadata in red. The data can be displayed as printable ASCII strings, or as a hex dump format of both hex and printable characters.

Why might you want to use Sockspy? Debugging Tcp client/server programs, examining protocols and diagnosing network problems are top candidates. Perhaps you just want to figure out how somethings work. It's not a replacement for heavy duty tools such as 'tcpdump' and other passive packet sniffers. On the other hand, Sockspy doesn't require any special priviledges to run (unless of course, you try to listen on a Unix reserved Tcp port less than 1024.)

Requirements

Sockspy requires Tcl/Tk 8.0. If you don't already have Tcl/Tk, you can get it from:

http://aspn.activestate.com/ASPN/Downloads/ActiveTcl/

Windows & Macintosh & Unix

Sockspy is 100% Tcl, and can run on Windows, Macintosh and Unix. I've tested it on Windows and Unix.

Using Sockspy

Just double click on Sockspy to start it. You will be prompted for various connection parameters described below.

Alternatively, you can run Sockspy from the command line. This allows you to specify the connection parameters up front. Also, this is how you can run Sockspy in text mode without a GUI.

To start Sockspy from the command line:

    $ sockspy <listen-port> <server-host> <server-port>

    listen-port:  The Tcp port on which to listen. Clients should
         connect to this port.

    server-host:  The host where the real server runs. Host can
         be specified as an dotted IP address or as a hostname.

    server-port:  The Tcp port on which the real server listens.

To start Sockspy in text mode without a GUI:

    $ tclsh sockspy <listen-port> <server-host> <server-port>

Examples

All the example use the command-line interface. The GUI interface is identical except that you must specify the connection parameters in the dialog the pops up when Sockspy starts.

HTTP: To watch the HTTP protocol traffic to a particular web server:
```
    $ sockspy 8000 www.some.com 80

    then with your browser, use a url of:
        http://localhost:8000/index.html
```
Using this method, you will have to start a new Sockspy for each HTTP host you access. If you normally run an HTTP proxy, start sockspy 8000 webproxyhost 80 and just set your browser's proxy to use the Sockspy host and port.

Telnet: To watch your Telnet session to 'otherhost':

    $ sockspy 2000 otherhost 23
    $ telnet localhost 2000

Database connectivity (Sybase example)

    Define an 'interfaces' entry for Sockspy:

        SYBASE
            query tcp ether dbserv 5000
            master tcp ether dbserv 5000

        SPY
            query tcp ether sockspyhost 5500
            master tcp ether sockspyhost 5500

    $ sockspy 5500 dbserv 5000
    $ isql -SSPY

Installation

Unix
Copy 'sockspy.tcl' to the executable directory of your choice and rename it to 'sockspy'. You may need to 'chmod +x sockspy' to allow direct execution. You will also need access to a 'wish8.0' Tcl/Tk interpreter on your PATH.
Windows
Copy sockspy.tcl anywhere on your disk and create a shortcut on your desktop to it. To be able to use sockspy in command-line mode, copy sockspy to a directory which is on your path (c:\tcl\bin is a good, likely candidate).
Macintosh
???

RUNNING SOCKSPY

If you've gotten this far, you probably don't need any help with the user interface. Sockspy has few controls:

Hex
Display output as hex dump format, 16 hexadecimal digits per line, plus whatever printable ASCII characters might be usable.
ASCII
Display output as printable string, 66 characters maximum per line. Newline characters (\n) in the data stream cause a new line to be added to the listbox. Lines that exceed 66 characters are continued on the next line, with a plus symbol ("+") marking the continuation.
Autoscroll
Whether or not the display should scroll to the bottom when new data is received.
+ Font
Increase the font size by one.
- Font
Decrease the font size by one.
Clear
Clear the display
Save
Save either the server, client, or both windows to a file.
Exit
Exit Sockspy.
File->Reconnect
Prompts you for new connection parameters, and if you click OK, it will disconnect current session and reconnect with the new parameters.

Author

Original author: Tom Poindexter
Current author: Keith Vetter