Analyzing text protocols with a TCP proxy

To debug the Memcache server (memcached) on my localhost I needed an application that would log the in and output to a specific port on my local machine. In  the config in PHP I changed the memcache port (from 11211) to 11212. Then I ran the TCP proxy software to forward all connections on port 11212 to 11211. I know I could have used wireshark (and/or tcpdump) to just look at the traffic, but I felt like trying a more light-weight tool. I ran into two nice little TCP proxy programs: One written in Perl and one written in C++ with the Boost library.

Perl based TCP proxy

Torsten Raudssus wrote an application that has the following output:

tcpproxy

With the following commands you can run the TCP proxy:

git clone git@github.com:Getty/p5-app-tcpproxy.git
cd p5-app-tcpproxy/
sudo apt-get install cpanminus
sudo cpanm --installdeps .
perl bin/tcpproxy.pl 11212 127.0.0.1 11211

It is a lovely little project that definitely serves a niche. The only downside I see is that is has two CPAN dependencies. Perl is always available on Linux, but the dependencies certainly not. This makes it maybe a little harder to run when you are on a random machine debugging a nasty problem. If it would not have those it would become my next favorite (text) protocol analyzer.


C++ (Boost) based TCP proxy

Arash Partow also wrote a TCP proxy application in C++. It originally had no output, but I changed that. After my modifications the output looks like this:

...
56258 ==> delete memc.sess.key.lock.s5p5eh8fhvfe6iq06ot6nuim66

56258 <== DELETED

56258 ==> quit

56276 ==> add memc.sess.key.lock.s5p5eh8fhvfe6iq06ot6nuim66 0 1421275851 1
1

56276 <== STORED

56276 ==> get memc.sess.key.s5p5eh8fhvfe6iq06ot6nuim66

56276 <== END

56276 ==> set memc.sess.key.s5p5eh8fhvfe6iq06ot6nuim66 0 4 1331
debugger|a:1:{i:0;a:12:{s:3:"log";a:0:{}s:7:"queries";a:0:{}s:7:"session";a:2:{s:6:"before";
...

With the following commands you can run the TCP proxy:

git clone git@github.com:mevdschee/proxy.git
cd proxy/
sudo apt-get install build-essential
sudo apt-get install libboost-all-dev
make
./tcpproxy_server 127.0.0.1 11212 127.0.0.1 11211

As you can see I forked the original Github project to add some logging:

tcpproxy_cpp

It works like a charm, but I prefer the colored and smarter output of the Perl application. If I find some time I might copy the way the Perl proxy shows the output to C++. If you feel like it and you think you know how to do that, than I would be very happy with a PR!

NB: Arash Partow also wrote a variation to the code that does logging, it is on Google Code.

What is your favorite TCP proxy for analyzing text protocols? Let us know in the comments!

Share