This is release 2.0 of Tom Poindexter’s Sockspy utility. Among the new features in this release are:
To quote Tom Poindexter's original README file:
Sockspy lets you watch the conversation of a Tcp client and server. Sockspy acts much like a gateway: it waits for a Tcp connection, then connects to the real server. Data from the client is passed onto the server, and data from the server is passed onto the client.
Along the way, the data streams are also displayed in a text widget with data sent from the client displayed in green, data from the server in blue and connection metadata in red. The data can be displayed as printable ASCII strings, or as a hex dump format of both hex and printable characters.
Why might you want to use Sockspy? Debugging Tcp client/server programs, examining protocols and diagnosing network problems are top candidates. Perhaps you just want to figure out how some things work. It's not a replacement for heavy duty tools such as 'tcpdump' and other passive packet sniffers. On the other hand, Sockspy doesn't require any special privileges to run (unless of course, you try to listen on a Unix reserved Tcp port less than 1024.)
Sockspy requires Tcl/Tk 8.0. If you don't already have Tcl/Tk, you can get it from:
Sockspy is 100% Tcl, and can run on Windows, Macintosh and Unix. I've tested it on Windows and Unix.
Just double click on Sockspy to start it. You will be prompted for various connection parameters described below.
Alternatively, you can run Sockspy from the command line. This allows you to specify the connection parameters up front. Also, this is how you can run Sockspy in text mode without a GUI.
To start Sockspy from the command line:
    $ sockspy <listen-port> <server-host> <server-port>

listen-port: The Tcp port on which to listen. Clients should connect to this port.
server-host: The host where the real server runs. Host can be specified as a dotted IP address or as a hostname.
server-port: The Tcp port on which the real server listens.
To start Sockspy in text mode without a GUI:
$ tclsh sockspy <listen-port> <server-host> <server-port>
All the examples use the command-line interface. The GUI interface is identical except that you must specify the connection parameters in the dialog that pops up when Sockspy starts.
    $ sockspy 8000 www.some.com 80

then with your browser, use a url of:

    http://localhost:8000/index.html

Using this method, you will have to start a new Sockspy for each HTTP host you access. If you normally run an HTTP proxy, start

    sockspy 8000 webproxyhost 80

and just set your browser's proxy to use the Sockspy host and port.
    $ sockspy 2000 otherhost 23
    $ telnet localhost 2000
Define an 'interfaces' entry for Sockspy:

    SYBASE
        query tcp ether dbserv 5000
        master tcp ether dbserv 5000
    SPY
        query tcp ether sockspyhost 5500
        master tcp ether sockspyhost 5500

    $ sockspy 5500 dbserv 5000
    $ isql -SSPY
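The relay behaviour the README describes (wait for a Tcp connection, connect to the real server, pass data both ways, show it as a hex dump) can be sketched as follows. This is an added example in Python, not Sockspy's own Tcl code; the function names and the loopback-only bind are assumptions made for illustration.

```python
import socket
import sys
import threading

def hexdump(data, width=16):
    """Offset, hex bytes and printable ASCII, one row per `width` bytes."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  {text}")
    return "\n".join(rows)

def pump(src, dst, label, log):
    """Copy src -> dst until EOF, recording every chunk with its direction."""
    try:
        while data := src.recv(4096):
            log.append((label, data))
            print(f"--- from {label}, {len(data)} bytes\n{hexdump(data)}")
            dst.sendall(data)
    except OSError:
        pass  # peer reset, or the other direction already closed the socket
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side
        except OSError:
            pass

def relay_once(listener, server_host, server_port):
    """Accept one client, connect to the real server, relay both directions."""
    log = []
    client, peer = listener.accept()
    with client, socket.create_connection((server_host, server_port)) as server:
        print(f"--- connect from {peer[0]}:{peer[1]}")
        up = threading.Thread(target=pump, args=(client, server, "client", log))
        up.start()
        pump(server, client, "server", log)
        up.join()
    return log

if __name__ == "__main__":
    # Same argument order as the README: listen-port server-host server-port.
    lport, host, port = int(sys.argv[1]), sys.argv[2], int(sys.argv[3])
    # Assumption: bind to loopback only so the relay is not reachable remotely.
    with socket.create_server(("127.0.0.1", lport)) as listener:
        while True:  # one connection at a time, to keep the sketch short
            relay_once(listener, host, port)
```

Everything passing through the relay, including credentials sent over cleartext protocols such as telnet, ends up in the displayed output, so treat any saved output as sensitive.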