IPCDump: Open-source tool for tracing interprocess communication on Linux
Guardicore released IPCDump, a new open source tool for tracing interprocess communication on Linux.
The tool covers most interprocess communication (IPC) mechanisms, including pipes, fifos, signals, Unix sockets, loopback-based networking, and pseudoterminals, and is useful for debugging multi-process applications and gaining transparency into how they communicate with one another in their IT environment.
Modern applications are built from distinct processes that plug into one another as a black box, which creates significant challenges for developers when something breaks. This is particularly true when debugging complex multiprocess applications. IPCDump addresses the problem by tracing both the metadata and the contents of apps’ communication, including IPC between short-lived processes.
Security practitioners can also use the open source tool to explore how business apps communicate with internal and external systems. IPCDump can also easily track the creation and destruction of short-lived processes, a tedious task that typically requires security and IT teams to check port numbers against netstat manually.
Additional IPCDump features
- Support for pipes and FIFOs
- Loopback IPC
- Signals (regular and real-time)
- Unix streams and datagrams
- Pseudoterminal-based IPC
- Event filtering based on process PID or name
- Human-friendly or JSON-formatted output
“The IPCDump tool is a result of internal efforts to make Guardicore’s technology stronger and better. To do so, we needed to be able to look deeper into the internal mechanisms of the Linux OS and therefore developed IPCDump,” Liad Mordekoviz, security researcher for Guardicore, told Help Net Security. “Our goal is to add more capabilities that will allow us to look into other mechanisms that are not yet covered by the tool in order to further deepen our understanding of the internal Linux landscape.”