Software: Apache. PHP/8.3.27 uname -a: Linux pdx1-shared-a4-04 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64 uid=6659440(dh_z2jmpm) gid=2086089(pg10499364) groups=2086089(pg10499364) Safe-mode: OFF (not secure) /usr/share/doc/bpfcc-tools/examples/doc/ drwxr-xr-x | |
| Viewing file: Select action/file-type: Demonstrations of tcptracer, the Linux eBPF/bcc version. This tool traces the kernel function performing TCP connections (eg, via a connect() or accept() syscalls) and closing them (explicitly or if the process dies). Some example output (IP addresses are fake): ``` # ./tcptracer Tracing TCP established connections. Ctrl-C to end. T PID COMM IP SADDR DADDR SPORT DPORT C 28943 telnet 4 192.168.1.2 192.168.1.1 59306 23 C 28818 curl 6 [::1] [::1] 55758 80 X 28943 telnet 4 192.168.1.2 192.168.1.1 59306 23 A 28817 nc 6 [::1] [::1] 80 55758 X 28818 curl 6 [::1] [::1] 55758 80 X 28817 nc 6 [::1] [::1] 80 55758 A 28978 nc 4 10.202.210.1 10.202.109.12 8080 59160 X 28978 nc 4 10.202.210.1 10.202.109.12 8080 59160 ``` This output shows three connections, one outgoing from a "telnet" process, one outgoing from "curl" to a local netcat, and one incoming received by the "nc" process. The output details show the kind of event (C for connection, X for close and A for accept), PID, IP version, source address, destination address, source port and destination port. The -t option prints a timestamp column: ``` # ./tcptracer -t Tracing TCP established connections. Ctrl-C to end. TIME(s) T PID COMM IP SADDR DADDR SPORT DPORT 0.000 C 31002 telnet 4 192.168.1.2 192.168.1.1 42590 23 3.546 C 748 curl 6 [::1] [::1] 42592 80 4.294 X 31002 telnet 4 192.168.1.2 192.168.1.1 42590 23 ``` The --cgroupmap option filters based on a cgroup set. It is meant to be used with an externally created map. # ./tcptracer --cgroupmap /sys/fs/bpf/test01 For more details, see docs/special_filtering.md |
:: Command execute :: | |
--[ c99shell v. 2.5 [PHP 8 Update] [24.05.2025] | Generation time: 0.0107 ]-- |