开发者

MacOSX: how to capture network events? Or: how does Private-Eye works?

开发者 https://www.devze.com 2023-04-11 20:41 出处：网络

I stumbled upon Private Eye and wonder how it works. I.e. what APIs it is using to get those information (all incoming/outcoming network connections and the application using it)?

相关专题：kernel-extension macos networking

I stumbled upon Private Eye and wonder how it works.

I.e. what APIs it is using to get those information (all incoming/outcoming network connections and the application using it)?

It is ins开发者_运维问答talling a kext. Is that needed?

Developer here.

It uses a kext to catch the connections. The basic idea is to install a socket filter that gets called whenever there is a network event. The kext will then grab and store whatever information it needs, and communicate it over a kernel control socket to the userland client.

Here's Apple's great intro about making a network kernel extension. http://developer.apple.com/library/mac/#documentation/Darwin/Conceptual/NKEConceptual/intro/intro.html

Almost everything in that applies to Private Eye.

chrome://net-internals/#events from google chrome may help, you can try