How can I spy on communication between a process and a terminal?

Question

I have a Linux process developed by a third-party that communicates with a terminal. For debugging I want to see the communication going back in forth.

One might think cat would do the trick (to see one direction):

    ./third-party-app &
    cat /dev/tty

...but it does not. Rather, cat will steal half of the data intended for the application, which is pretty much worthless.

third-party-app is hard-coded to assume /dev/tty.

One way I found to spy on the communication is to rename the /dev/tty device to, say, /dev/real_tty and create a named pipe called /dev/tty in its place. Then running:

    cat /dev/real_tty | tee /dev/tty &

...will at least let me see the output of /dev/real_tty, by copying the data from /dev/real_tty to the named pipe /dev/tty and stdout.

This sort of works but it feels really dodgy, and relies on the trickery of replacing the device. It also doesn't work in both directions, because named pipes only carry data in one direction.

What's the right way to do this?

If anyone's wondering, the TTY device is a RS-232 link to a microcontroller. The information is not sensitive or secured. All processes (application and spies) can run as root.

Answer 1

Have you considered using strace/ltrace? You can see the system calls it is making, in particular you can see the write/ioctl etc calls being made.

Answer 2

There are some alternatives:

Do It Youself with GDB: Redirecting Output from a Running Process

CryoPID allows you to capture the state of a running process in Linux and save it to a file. This file can then be used to resume the process later on, either after a reboot or even on another machine.

Distributed MultiThreaded CheckPointing is a tool to transparently checkpointing the state of an arbitrary group of programs spread across many machines and connected by sockets.

Answer 3

RS-232? Just tap the RxD/TxD/GND lines with clips. It's been a forever since I've seen any device even care about DCD, DTR, etc.

Answer 4

You could take a look at slsnif. It does exactly what you want, or if you're interested in writing one yourself the source is available to see how it works.

Answer 5

Not simple (not for me at least), but a mechanism that should work for the tty serial drivers is a line discipline.

Answer 6

People here have already made good suggestions, but here's another:

You can also write a shared library with your own write() that does some work before calling the write() from libc.so. Then you can use the LDD_PRELOAD environment variable to load your library when the process starts.

Answer 7

The script program exists to do this using psudo-terminal. The device /dev/tty is usually special and refers to the current process's controlling terminal, so you may not have had to resort to renaming things.

script opens a psudo-terminal and then runs another instance of your shell with that new shell as its controlling terminal (so /dev/tty refers to this psudo-terminal for this shell and its child processes). The -c option lets you run a particular command rather than your shell.

The main problem with script is that it is impossible to tell which way the data captured in the output file (./typescript by default) was going -- data flowing both ways is dumped to the same file and looks similar to what appears on the screen when using an interactive terminal (except for including escapes, carriage returns, and goofy stuff like that as well as the normally displayed characters).

Anyway, I know that this question has long since been answered, but I thought that if anyone were to search for a similar solution and were not using a real serial port this may help them.