Last active
January 9, 2016 15:04
-
-
Save maatthc/48b4f29389dde0be4f5b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Find out which process is accessing Memcached on localhost. | |
| // It uses SystemTap : https://sourceware.org/systemtap | |
| // You will need the kernel-debuginfo-common, kernel-headers and kernel-debuginfo | |
| // Packages installed. | |
| // | |
| probe begin { | |
| printf("%5s (%s) %15s %5s %15s %5s %s %s %s %s %s %s\n", | |
| "PID", "CMD", "saddr", "SPORT", "daddr", "DPORT", "urg","ack","psh","rst","syn","fin") | |
| } | |
| probe tcp.receive { | |
| if ( sport == 11211 && saddr== "0000:0000:0000:0000:0000:0000:0000:0001" ) { | |
| printf(" %5d (%s %s) %15s %5d %15s %5d %d %d %d %d %d %d\n", | |
| pid(), execname(), cmdline_str(), saddr, sport, daddr, dport, urg, ack, psh, rst, syn, fin ) | |
| } | |
| if ( sport == 11211 && saddr== "127.0.0.1" ) { | |
| printf(" %5d (%s %s) %15s %5d %15s %5d %d %d %d %d %d %d\n", | |
| pid(), execname(), cmdline_str(), saddr, sport, daddr, dport, urg, ack, psh, rst, syn, fin ) | |
| } | |
| } |
BTW, see also
probe netfilter.ip.local_in { /* ... */ }
for a debuginfo-less alternative.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(Those two if/printfs in the tcp.receive probe could be combined into one; stap has || (boolean or) operators too.)