I digged into the depth of network packet handling, softirq's
and packet queues and hacked down a patch for the
2.6.34 kernel so that PF_PACKET can be applied to
The goal is to have a unix interface one day which you
can pass to pcap_create() and wireshark or tcpdump.
With a e.g. DBUS dissector you can then monitor
the application level IPC to find the more unknown
The hard part now is to get this patch upstream,
so that it is available on a standard Linux distro
the same way you'd monitor your network traffic.