Welcome to


This is release 2.0 of Tom Poindexter’s Sockspy utility. Among the new features in this release are:

Where to get Sockspy

You can download the latest version of Sockspy from its project page here. The old version 1.0 can be gotten here.

What is Sockpy?

To quote Tom Poindexter's original README file:

Sockspy lets you watch the conversation of a Tcp client and server. Sockspy acts much like a gateway: it waits for a Tcp connection, then connects to the real server. Data from the client is passed onto the server, and data from the server is passed onto the client.

Along the way, the data streams are also displayed in text widget with data sent from the client displayed in green, data from the server in blue and connection metadata in red. The data can be displayed as printable ASCII strings, or as a hex dump format of both hex and printable characters.

Why might you want to use Sockspy? Debugging Tcp client/server programs, examining protocols and diagnosing network problems are top candidates. Perhaps you just want to figure out how somethings work. It's not a replacement for heavy duty tools such as 'tcpdump' and other passive packet sniffers. On the other hand, Sockspy doesn't require any special priviledges to run (unless of course, you try to listen on a Unix reserved Tcp port less than 1024.)


Sockspy requires Tcl/Tk 8.0. If you don't already have Tcl/Tk, you can get it from:

Windows & Macintosh & Unix

Sockspy is 100% Tcl, and can run on Windows, Macintosh and Unix. I've tested it on Windows and Unix.

Using Sockspy

Just double click on Sockspy to start it. You will be prompted for various connection parameters described below.

Alternatively, you can run Sockspy from the command line. This allows you to specify the connection parameters up front. Also, this is how you can run Sockspy in text mode without a GUI.

To start Sockspy from the command line:

    $ sockspy <listen-port> <server-host> <server-port>

    listen-port:  The Tcp port on which to listen. Clients should
         connect to this port.

    server-host:  The host where the real server runs. Host can
         be specified as an dotted IP address or as a hostname.

    server-port:  The Tcp port on which the real server listens.

To start Sockspy in text mode without a GUI:

    $ tclsh sockspy <listen-port> <server-host> <server-port>


All the example use the command-line interface. The GUI interface is identical except that you must specify the connection parameters in the dialog the pops up when Sockspy starts.



If you've gotten this far, you probably don't need any help with the user interface. Sockspy has few controls:


Original author: Tom Poindexter
Current author: Keith Vetter