Created
June 26, 2020 14:07
-
-
Save piotr1212/b22f0de6b48bc7cf9c557d702596a805 to your computer and use it in GitHub Desktop.
Check what connects to my port systemtap, from https://sourceware.org/systemtap/examples/network/connect_stat.stp but added port
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env stap | |
| ############################################################ | |
| # connect_stat.stp | |
| # Author: Robin Hack <[email protected]> | |
| # An example script show process tree of process | |
| # which tried to call connect with specific ip address | |
| ############################################################ | |
| function process_tree (ip:string) { | |
| cur_proc = task_current(); | |
| parent_pid = task_pid(task_parent (cur_proc)); | |
| printf ("%s: ", ip); | |
| while (parent_pid != 0) { | |
| printf ("%s (%d),%d,%d -> ", task_execname(cur_proc), task_pid(cur_proc), task_uid(cur_proc),task_gid (cur_proc)); | |
| cur_proc = task_parent(cur_proc); | |
| parent_pid = task_pid(task_parent (cur_proc)); | |
| } | |
| # init process | |
| if (task_pid (cur_proc) == 1) { | |
| printf ("%s (%d),%d,%d\n", task_execname(cur_proc), task_pid(cur_proc), task_uid(cur_proc),task_gid (cur_proc)); | |
| } | |
| } | |
| probe syscall.connect { | |
| if ((uaddr_af !~ "AF_INET*") || (uaddr_ip != @1) || (uaddr_ip_port != @2)) { | |
| next; | |
| } | |
| process_tree (uaddr_ip); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment