How can I sniff and analyze Java RMI traffic? There is only a very partial solution in Wireshark. I need to know exactly which methods were called and which args were passed by sniffing the TCP connection.

A: 

Ethereal might help but it's pretty low level.

Kelly French
That's Wireshark. It doesn't help too much. It only parses a few headers.
bugspy.net
That's news to me. The cool thing is that on SO you can learn something even when answering a question.
Kelly French
+4  A: 

You can set some Java properties to make RMI more verbose.

Probably you need this setting:

sun.rmi.client.logCalls (1.4 and later)

If the value of this property is true, the sun.rmi.client.call logger will be set to the level Level.FINER. Remote calls are logged at the level Level.FINER, and exceptions from remote calls are logged at the level Level.FINE.

tangens
A: 

I don't know of a tool that can sniff and decipher RMI traffic off the wire. If no one else does either, a less optimal solution might be to instrument your stubs/skeletons (probably auto-generated if you're using Java 5 or later) or parts of the RMI infrastructure with code to output log messages.

You could use AOP or some byte-code manipulation tool to achieve this. I've used Javassist for similar tasks to yours with success. It's very friendly for a tool of this nature.

monorailkitty
+1  A: 

Do you need to "sniff" it, or can you deploy a custom socket factory at the client or the server?

In the past I created a custom RMI server socket factory that created a "tee" on the stream read by the RMI service. As the RMI runtime read one of the streams normally, my code got a copy of the JRMP to parse too. In my case, I was logging the remote calls, including their parameters in serialized form, so that I could "replay" them later for load testing. Merely enabling the RMI logging options wasn't sufficient for that.

One problem is that the JRMP documentation is poor, and in some cases, inaccurate. Another is that a lot of the necessary code isn't part of the core Java API. It was complicated. I thought I understood RMI well before I started, but after doing this little project, I was surprised how much more I had to learn.

A similar approach could be applied to application data captured by Wireshark, but I've never written an analyzer for Wireshark and I'm not sure how complicated it is.

erickson
I guess if it comes to that I can use a custom socket factory, but to be honest I am starting to get sick of RMI. RMI is shit.
bugspy.net
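A sketch of the "tee" server socket factory described in erickson's answer, added here as an example and not code from any poster in this thread. The class name `TeeServerSocketFactory` and the capture-file naming are hypothetical; the factory is passed as the `RMIServerSocketFactory` argument of `UnicastRemoteObject.exportObject(obj, port, csf, ssf)`, and parsing the captured JRMP bytes is left to a separate step.

```java
import java.io.*;
import java.net.*;
import java.rmi.server.RMIServerSocketFactory;

// Added example: class name and capture-file naming are hypothetical.
public class TeeServerSocketFactory implements RMIServerSocketFactory {
    private final File dir; // directory that receives one capture file per connection
    public TeeServerSocketFactory(File dir) { this.dir = dir; }

    @Override public ServerSocket createServerSocket(int port) throws IOException {
        return new ServerSocket(port) {
            @Override public Socket accept() throws IOException {
                Socket s = new TeeSocket();
                implAccept(s); // ServerSocket hook for handing back a Socket subclass
                return s;
            }
        };
    }
    // Define equality so equivalent factories are treated as the same factory.
    @Override public boolean equals(Object o) {
        return o instanceof TeeServerSocketFactory && dir.equals(((TeeServerSocketFactory) o).dir);
    }
    @Override public int hashCode() { return dir.hashCode(); }

    private final class TeeSocket extends Socket {
        private OutputStream copy; // raw client-to-server bytes for this connection
        private InputStream tee;
        @Override public synchronized InputStream getInputStream() throws IOException {
            if (tee == null) {
                String name = "jrmp-" + getPort() + "-" + System.nanoTime() + ".bin";
                copy = new FileOutputStream(new File(dir, name));
                tee = new FilterInputStream(super.getInputStream()) {
                    @Override public int read() throws IOException {
                        int b = in.read();
                        if (b >= 0) copy.write(b);
                        return b;
                    }
                    @Override public int read(byte[] buf, int off, int len) throws IOException {
                        int n = in.read(buf, off, len);
                        if (n > 0) copy.write(buf, off, n); // only bytes RMI actually received
                        return n;
                    }
                };
            }
            return tee;
        }
        @Override public synchronized void close() throws IOException {
            try { if (copy != null) copy.close(); } finally { super.close(); }
        }
    }
}
```

The capture files contain the serialized call parameters exactly as the client sent them, so they need the same access controls as the data the service itself handles.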