2Nis
How do I start inspecting, in a basic way, what a socket is or was doing?
Exploring a plist related to a flash pop-up when booting, I found these folders:
launchctl print gui/$(id -u)/com.apple.sharingd
...
path = /System/Library/LaunchAgents/com.apple.sharingd.plist
state = running
program = /usr/libexec/sharingd
inherited environment = {
DISPLAY => /private/tmp/com.apple.launchd.NycH5eDM3b/org.xquartz:0
SSH_AUTH_SOCK => /private/tmp/com.apple.launchd.9u8d0kZoxg/Listeners
}
...
properties = keepalive | runatload | supports transactions | system service | exponential throttling
...
This Listeners thing happens to be a socket (I have no experience at all with sockets). So any attempt to explore it in a file-like way failed.
How can I do some kind of basic/starting forensics on that socket? Meaning, grabbing its meaningful dependencies or the things that it had done in the system?
I need just some kind of starting clue and I will do my best effort to continue by myself.
% cd /private/tmp/com.apple.launchd.9u8d0kZoxg/
% ls
Listeners
% ls -lrt
total 0
srw-rw-rw- 1 myhost wheel 0 2 abr 09:05 Listeners
% cat Listeners
cat: ai_family not supported: Undefined error: 0
cat: Listeners: Invalid argument
% less Listeners
Listeners is not a regular file (use -f to see it)
% less -f Listeners
Listeners: Operation not supported on socket
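A starting point for the triage asked about above, as an added example that is not part of the original post: `cat` and `less` fail because a Unix domain socket is an IPC endpoint with no file contents (`SSH_AUTH_SOCK` is the variable OpenSSH clients use to locate the ssh-agent socket), so the script reads the socket's metadata with `lstat`, checks whether anything is still accepting connections, and filters `lsof -U` for the processes holding it. The function names and the temporary demo socket are constructed for illustration; pass the real path as the first argument.

```python
import os
import socket
import stat
import subprocess
import sys
import tempfile

def describe(path):
    """Metadata for a path without opening it (open() fails on sockets)."""
    st = os.lstat(path)
    kind = "socket" if stat.S_ISSOCK(st.st_mode) else "other"
    return {"kind": kind, "mode": stat.filemode(st.st_mode),
            "uid": st.st_uid, "mtime": st.st_mtime}

def is_listening(path, timeout=1.0):
    """True if a process accepts connections; connects, sends nothing, closes."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return True
    except OSError:  # stale socket file, no listener, or permission denied
        return False
    finally:
        s.close()

def holders(path):
    """Lines of `lsof -U` output naming the path: processes holding the socket."""
    try:
        out = subprocess.run(["lsof", "-U"], capture_output=True, text=True).stdout
    except FileNotFoundError:  # lsof not installed
        return []
    return [line for line in out.splitlines() if path in line]

def make_demo_socket():
    """Constructed sample: a listening socket named like the one in the post."""
    path = os.path.join(tempfile.mkdtemp(), "Listeners")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv, path

if __name__ == "__main__":
    srv, path = (None, sys.argv[1]) if len(sys.argv) > 1 else make_demo_socket()
    print(describe(path))
    print("listening:", is_listening(path))
    for line in holders(path):
        print(line)
```

`lsof` only shows processes owned by other users when run as root, so an empty holder list for a socket that is listening usually means the script needs `sudo`.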