Hello Stefan, This blog post [0] talks about the AF_VSOCK monitoring device (vsockmon) Stefan upstreamed into Linux a few years ago. It seems to me the same rationale for enabling packet captures for AF_VSOCK traffic applies to UNIX domain sockets as well. What do you think? I have a proof of concept patch for Linux for a unixmon capture device if you think this is a good idea.
[0] https://blog.vmsplice.net/2017/07/packet-capture-coming-to-afvsock.html -- Respectfully, Josh Abraham