All socket communication goes through the socket interface, whatever the address family, and UNIX domain sockets are no exception. So as long as you intercept the handful of socket read and write syscalls, you can see what a UNIX domain socket sends and receives.
The SystemTap release ships a tool for exactly this, socktop, located at /usr/share/doc/systemtap/examples/network/socktop. It is handy and does the right thing.
Installation
To deploy SystemTap you need to install the following two RPM packages:
systemtap
systemtap-runtime
With root privileges, run the following command to install them:
yum install systemtap systemtap-runtime
Note: before using SystemTap you also need the kernel information packages (kernel-devel and kernel-debuginfo for the running kernel), which can be installed by running:
stap-prep
If that fails, install them by hand; see "Manual installation of the required kernel information packages" below.
Note: on my host, stap-prep failed with the following error message:
[root@test ~]# stap-prep
Need to install the following packages:
kernel-devel-2.6.18-308.el5.x86_64
kernel-debuginfo-2.6.18-308.el5.x86_64
Traceback (most recent call last):
  File "/usr/bin/yumdownloader", line, in
    import yum
ImportError: No module named yum
Problem downloading rpm(s) kernel-devel-2.6.18-308.el5.x86_64 kernel-debuginfo-2.6.18-308.el5.x86_64
Manual installation of the required kernel information packages
The required kernel information packages are the ones that match your kernel and carry the suffixes -devel, -debuginfo and -debuginfo-common, that is:
kernel-debuginfo
kernel-debuginfo-common
kernel-devel
You must install the versions of these packages that correspond to your kernel. To find your kernel version, run:
uname -r
2.6.18-308.el5
This shows that the kernel is 2.6.18-308.el5, so the packages you need are:
kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-devel-2.6.18-308.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm
IMPORTANT!!!! Note: these three packages must match your kernel version exactly; there is no leeway here.
Download the three RPM packages from the http://rpm.pbone.net website, or, most simply, search for the package name on Google.
Download kernel-debuginfo-2.6.18-308.el5.x86_64.rpm:
wget ftp://ftp.pbone.net/mirror/ftp.redhat.com/pub/redhat/linux/enterprise/5client/en/os/x86_64/debuginfo/kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
Download kernel-devel-2.6.18-308.el5.x86_64.rpm:
wget ftp://ftp.pbone.net/mirror/ftp.redhat.com/pub/redhat/linux/enterprise/5client/en/os/x86_64/debuginfo/kernel-devel-2.6.18-308.el5.x86_64.rpm
Download kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm:
wget ftp://ftp.pbone.net/mirror/ftp.redhat.com/pub/redhat/linux/enterprise/5client/en/os/x86_64/debuginfo/kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm
Install the three packages one at a time:
rpm -ivh kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm
rpm -ivh kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
rpm -ivh kernel-devel-2.6.18-308.el5.x86_64.rpm
Initial test
To check that stap is installed correctly, run the following command:
stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}'
The socket read/write viewer: socktop
The socktop source file starts with its copyright notice and a short description of what it does.
Usage help
$ /usr/share/doc/systemtap/examples/network/socktop -h
Usage: socktop [-d] [-i interval] [-n num] [-P protocol] ... [-F family] ...
       [-T stype] ... [-N pname] ... [-p pid] ... [-u username] ... [-h]
  -d           # print network device traffic (default: off)
  -i interval  # interval in seconds between printing (default: 5)
  -n num       # number of top processes and devices to print (default: 10)
  -F family    # this protocol family only (default: all)
  -P protocol  # this protocol only (default: all)
  -T stype     # this socket type only (default: all)
  -N pname     # this process name only (default: all)
  -p pid       # this process ID only (default: all)
  -u username  # this user only (default: all)
  -c count     # number of iterations
  -m mod_name  # generate instrumentation (but do not run)
  -h           # print this help text
Protocol families:
  LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET
Protocols:
  TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)
Socket types:
  STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET
The usage text above is clear enough. We want to filter for UNIX (local) sockets, print every 5 seconds, and also show network device traffic while we are at it:
$ sudo /usr/share/doc/systemtap/examples/network/socktop -F local -i 5 -d
======================= Thu Mar 31 21:23:03 2011 ========================
------------------------------- PROCESSES -------------------------------
  PID    UID  #SEND  #RECV  SEND_KB  RECV_KB  PROT  FAMILY  COMMAND
24821  50453      1      0        0        0  IP    LOCAL   crond
 3840      0      0      2        0        0  IP    LOCAL   syslog-ng
-------------------------------- DEVICES --------------------------------
DEV    #XMIT  #RECV  XMIT_KB  RECV_KB
eth0     457    250      102       38
bond0    457      0      102        0
lo        24     24        2        2
eth1       0     10        0        0
=========================================================================
The picture is clear: crond is sending and syslog-ng is receiving.
If you want to know the contents of the messages, you can modify the script to dump them.
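To show how the family filter works, here is a small stand-alone SystemTap script, added as an example and not taken from the socktop source or the original post. It hooks the same socket-layer send and receive probes socktop uses, keeps only the AF_UNIX (LOCAL) family, and prints per-process counts every 5 seconds. It assumes the SystemTap socket tapset (socket.send / socket.receive with the family, size and success variables, and sock_fam_num2str) and the Linux value AF_UNIX == 1.

```systemtap
#!/usr/bin/stap
# Added example: a minimal AF_UNIX-only counterpart of socktop.
# Assumes the SystemTap socket tapset (socket.send / socket.receive
# probes exposing family, size and success) and that the AF_UNIX
# family number is 1, as it is on Linux.

global seen, send_n, recv_n, send_b, recv_b

# socket.send / socket.receive fire on the return of the socket-layer
# send and receive paths, so traffic of every address family passes
# through here; we keep only LOCAL (AF_UNIX), like "socktop -F local".
probe socket.send {
    if (family == 1 && success) {
        seen[pid(), uid(), execname()]++
        send_n[pid(), uid(), execname()]++
        send_b[pid(), uid(), execname()] += size
    }
}

probe socket.receive {
    if (family == 1 && success) {
        seen[pid(), uid(), execname()]++
        recv_n[pid(), uid(), execname()]++
        recv_b[pid(), uid(), execname()] += size
    }
}

# Every 5 seconds print the 10 busiest processes and reset the counters.
# Reading a counter for a key that never fired yields 0, so a process that
# only sent (or only received) still prints a complete row.
probe timer.s(5) {
    printf("%s\n", ctime(gettimeofday_s()))
    printf("%6s %6s %6s %6s %8s %8s %-7s %s\n",
           "PID", "UID", "#SEND", "#RECV", "SEND_KB", "RECV_KB",
           "FAMILY", "COMMAND")
    foreach ([p, u, e] in seen- limit 10)
        printf("%6d %6d %6d %6d %8d %8d %-7s %s\n",
               p, u, send_n[p, u, e], recv_n[p, u, e],
               send_b[p, u, e] / 1024, recv_b[p, u, e] / 1024,
               sock_fam_num2str(1), e)
    delete seen
    delete send_n
    delete recv_n
    delete send_b
    delete recv_b
}
```

Run it with the same privileges as socktop, for example `sudo stap unixtop.stp` (the file name is mine); on the host above it shows the same crond/syslog-ng pattern, minus the device section.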
Have fun!