How can I sniff and analyze Java RMI traffic ? There is only very partial solution in wireshark. I need to know exactly which methods where called and which args where passed by sniffing the TCP connection.
Do you need to "sniff" it, or can you deploy a custom socket factory at the client or the server?
In the past I created a custom RMI server socket factory that created a "tee" on the stream read by the RMI service. As the RMI runtime read one of the streams normally, my code got a copy of the JRMP to parse too. In my case, I was logging the remote calls, including their parameters in serialized form, so that I could "replay" them later for load testing. Merely enabling the RMI logging options wasn't sufficient for that.
One problem is that the JRMP documentation is poor, and in some cases, inaccurate. Another is that a lot of the necessary code isn't part of the core Java API. It was complicated. I thought I understood RMI well before I started, but after doing this little project, I was surprised how much more I had to learn.
A similar approach could be applied to application data captured by Wireshark, but I've never written an analyzer for Wireshark and I'm not sure how complicated it is.