Skip navigation.

Who's talking to whom?

One way to understand how your system works is to look at which programs talk to other programs.
Here's a graph showing all the processes on my system and their sockets:

Graph of socket connections

(click for a larger image)

The notation is:

  • Cyan node - a process
  • White circle - a normal (connected) socket
  • Text - a named socket (waiting for new connections)
  • Yellow - a connection to a named socket (the "server" end of a connection)
  • Red - a non-Unix-domain socket (probably a connection to the outside world)

The main hubs seem to be:

  • X (all graphical applications must connect to the X server to display windows),
  • The system dbus (the one connected to the X server), and
  • xfce4-session (anything that needs to save state on logout).

Actually, there's an even bigger gathering around the "/tmp/seahorse-6d4bQD" socket. This bit is very odd,
because all the processes are sharing a single socket. I suspect there's a bug here somewhere and a process
has accidentally passed the socket to all of its children.

About sockets

Sockets are similar to pipes, but are more complex. A brief summary of sockets:

  • A socket is one end of a communications channel.
  • There are different types of socket. Most are used for communicating with
    other computers over a physical network, but there is a special kind called
    "Unix domain sockets" which are used for communication within a computer.
  • To communicate, two sockets must be connected together. Data can then be sent
    in both directions.

There are three ways to get a connected socket:

  • You can create a pair of sockets that are already connected, and then give
    one of them to someone else. In the diagram, this appears as two white sockets
    connected together (e.g. "dbus-daemon" in the top-left corner).
  • You can bind a socket to an address and start accepting new incoming connections.
    This is a listening socket, represented by the text of its address. In the
    diagram "syslogd" has no connections, but is ready to accept one.
    Each time someone connects, a new socket is created to handle that connection.
    gconfd-2 is handling a number of existing connections (each yellow socket), as well as accepting new ones
    (on /tmp/orbit...).
  • You can connect to a listening socket. This results in having your white socket
    connected to a new yellow socket at the other process.

Generating the graph

The main problem with making the image is that I couldn't find a way of finding out which
sockets were connected to which other sockets. In the end, I edited unix_seq_show() in
net/unix/af_unix.c in the Linux source to print "unix_peer(s)" in a new column.

Then, it's just a matter of parsing /proc/net/unix and /proc/*/fd/* to build the graph,
and sending it to neato for rendering.


Thats really cool graph. Can you show your code?


Sockets code

OK, here's a zip of the code I found on my machine. Haven't tested it, but hopefully it still works!

It won't work without patching the kernel too, though (see text).

Syndicate content