Can I monitor a local unix domain socket like tcpdump?

you can use socat.

sudo mv /path/to/sock /path/to/sock.original
sudo socat -t100 -x -v UNIX-LISTEN:/path/to/sock,mode=777,reuseaddr,fork UNIX-CONNECT:/path/to/sock.original

What is happening above: First move original socket to sock.original. Socat creates a new socket ('UNIX-LISTEN') in the originals location and forwards all to the original ('UNIX-connect'). The -v tells socat to also print output to STDERR.

There's a guy that claims to do so by creating an app that acts as a gateway between two sockets and logging all data that flows. So you can't tap on a socket but if you can restart the service and tune it to use this guy app you will be able to see all traffic.

Here is the link to the post: Unix Socket Sniffer

There's another way that needs you to find the process id attached to the socket, then find with lsof the file descriptor of the socket and then tap the file descriptor using strace.

If you can stop whatever client/server is using the socket and reconfigure it I would recommend always the first method, second method it's tricky and requires you to tap a current process which on some apps could cause it to crash.

Hope someone enlighten us with anoter way :)

Good luck

You might also try using strace on one of the processes on either side of the socket, since this will let you watch what is written/read. I found in my production environments, I don't have socat, but do have strace.

For any useful purpose, setting -s to something big is a must.