#!/usr/sbin/dtrace -s
/*
 * tcpsnoop - snoop TCP network packets by process.
 *            Written using DTrace tcp Provider.
 *
 * This analyses TCP network packets and prints the responsible PID plus
 * standard details such as IP address and port. This captures traffic
 * from existing and newly created TCP connections. It can help identify
 * which processes are causing TCP traffic.
 *
 * SEE ALSO: snoop -rS
 */

/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 *
 * This D script is used as an example in the Oracle Solaris 11.4
 * Dynamic Tracing Guide in the "tcp Provider" Chapter.
 *
 * On machines that have DTrace installed, this script is available as
 * tcpsnoop.d in /usr/demo/dtrace, a directory that contains all D scripts
 * used in the Solaris Dynamic Tracing Guide. A table of the scripts and their
 * corresponding chapters may be found here:
 *
 * file:///usr/demo/dtrace/index.html
 *
 * Portions Copyright 2010 Brendan Gregg
 */

/*
 * Operational notes:
 *  - Only header metadata is printed (addresses, ports, payload size and
 *    TCP flags); packet payload contents are never read or emitted.
 *  - NOTE(review): the tcp provider is a kernel provider, so running this
 *    presumably needs elevated DTrace privileges (typically root) -- confirm
 *    against the local privilege policy.
 *  - NOTE(review): on busy hosts DTrace may drop records; a missing line is
 *    not proof that no segment was sent. Watch for drop warnings from dtrace.
 */

/* quiet: print only what the printf() calls below emit. */
#pragma D option quiet
/* switchrate=10hz: the consumer switches/reads trace buffers ten times a second. */
#pragma D option switchrate=10hz

/* Emit the column header once, when tracing starts. */
dtrace:::BEGIN
{
	printf("%6s %6s %15s:%-5s      %15s:%-5s %6s %s\n",
	    "TIME", "PID", "LADDR", "PORT", "RADDR", "PORT", "BYTES", "FLAGS");
}

/*
 * Outbound segment: the local endpoint is the IP source / TCP source port.
 * The line is left open after "(" so the shared flags clause below can
 * append the flag names and close it.
 */
tcp:::send
{
	/* TCP payload size = IP payload length minus the TCP header length. */
	this->payload_len = args[2]->ip_plength - args[4]->tcp_offset;

	/* timestamp is in nanoseconds; dividing by 1000 prints microseconds. */
	printf("%6d %6d %15s:%-5d  ->  %15s:%-5d %6d (",
	    timestamp / 1000,
	    args[1]->cs_pid,
	    args[2]->ip_saddr, args[4]->tcp_sport,
	    args[2]->ip_daddr, args[4]->tcp_dport,
	    this->payload_len);
}

/*
 * Inbound segment: the roles are swapped, so the local endpoint is the IP
 * destination / TCP destination port and the remote one is the source.
 */
tcp:::receive
{
	this->payload_len = args[2]->ip_plength - args[4]->tcp_offset;

	printf("%6d %6d %15s:%-5d  <-  %15s:%-5d %6d (",
	    timestamp / 1000,
	    args[1]->cs_pid,
	    args[2]->ip_daddr, args[4]->tcp_dport,
	    args[2]->ip_saddr, args[4]->tcp_sport,
	    this->payload_len);
}

/*
 * Shared tail for both directions. This clause appears after the two
 * direction-specific clauses, so it completes the line they started:
 * one "NAME|" token per flag bit that is set, or "null " if none is set.
 */
tcp:::send,
tcp:::receive
{
	printf("%s", args[4]->tcp_flags & TH_FIN  ? "FIN|"  : "");
	printf("%s", args[4]->tcp_flags & TH_SYN  ? "SYN|"  : "");
	printf("%s", args[4]->tcp_flags & TH_RST  ? "RST|"  : "");
	printf("%s", args[4]->tcp_flags & TH_PUSH ? "PUSH|" : "");
	printf("%s", args[4]->tcp_flags & TH_ACK  ? "ACK|"  : "");
	printf("%s", args[4]->tcp_flags & TH_URG  ? "URG|"  : "");
	printf("%s", args[4]->tcp_flags & TH_ECE  ? "ECE|"  : "");
	printf("%s", args[4]->tcp_flags & TH_CWR  ? "CWR|"  : "");
	printf("%s", args[4]->tcp_flags == 0      ? "null " : "");

	/* "\b" backs over the trailing "|" (or the space after "null"). */
	printf("\b)\n");
}