This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: More detailed networking info needed

From: Alex Iribarren <alex dot iribarren dot lists at gmail dot com>
To: patrick mccormick <patrickm at linux dot vnet dot ibm dot com>
Cc: systemtap at sourceware dot org
Date: Wed, 22 Aug 2007 13:45:11 +0200
Subject: Re: More detailed networking info needed
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type; b=Bvh7OG/HBwfcSy0NKZ66aZCdnytpb5obkcBbEcLE3nKA7gsiFS9P7CDdV6UIrF+4zHi0484Y6dgCdyqRWNgS5fXyyNpGQsr53KaxMCQfzcR/8sZAr8fMv3S3H/oQtK8KZAsUpZ4G0YtP5xY9/h8XAorBApOHX6PGYbNxwVmunvg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type; b=Xdj+cYqSXVh4etuWppH2VRi9FblzG7hiqh+274AxQeKHi7wTaldSiVYtv/gTStm/umyf9qhBPDC6QmKRXpBR97Wwgr8l40nro3MvK+GACTtolkmvqQXmIue0nMbugkIhnIIxgnONnDBeslmqW0znyuHQdzVDYYovv834CpQJjzw=
Openpgp: id=CAE83E64
References: <1187742398.4848.17.camel@patrickm-desktop>

Hi,

I've had similar requirements for some of the stuff I've done. I had to
write a script to log all network connections and produce output like this:

Aug 20 14:21:19 host03 netlog: sshd[3199]: TCP connect start
29.38.40.128:22 <- 11.127.2.21:30471 (uid=0)
Aug 20 14:23:19 host03 netlog: sshd[8150]: TCP connect stop
29.38.40.128:22 <-> 11.127.2.21:30471 (uid=0)
Aug 20 14:25:03 host03 netlog: wget[2749]: TCP connect start
29.38.40.128:3023 -> 209.85.129.104:80 (uid=123)
Aug 20 14:25:03 host03 netlog: wget[2749]: TCP connect stop
29.38.40.128:3023 <-> 209.85.129.104:80 (uid=123)

I did it by probing several low-level kernel functions and I had to use
lots of C code to extract the information. I'd be very interested in
seeing if you come up with a better way of doing it.

Cheers,
Alex

patrick mccormick wrote:
> Hello list,
>
> We have been working on some systemtap scripts that collect networking
> information such as: packets/bytes sent and received on what interface,
> by which pid, successes and failures, tcp or udp...which is about
> everything we could find using the Systemtap wiki and the tapset
> documentation.
>
> But we would like to find out more information, specifically: source and
> destination IPs of incoming and outgoing packets (w/ associated pids),
> and possibly open ports and their associated pids + any traffic over
> them.
>
> So our questions are really: Are there functions/probes in the tapset
> that can grab this information that we have been missing? and can anyone
> point us in the right direction to write our own probes or functions to
> pull this stuff out?
>
> Thanks for any help,
>
> Patrick McCormick
> Rachel Rodgers
>
> IBM LTC Interns
>
>
>

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- More detailed networking info needed
  - From: patrick mccormick

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]