Tracing TCP Connections with the BPF Compiler Collection

What is BPF?

What is BCC?

Tracing

https://github.com/iovisor/bcc
$ sudo ./tcptracer.py -t
Tracing TCP established connections. Ctrl-C to end.
TIME(s) T PID COMM IP SADDR DADDR SPORT DPORT
0.000 C 7672 curl 4 127.0.0.1 127.0.0.1 59394 16004
0.006 X 7672 curl 4 127.0.0.1 127.0.0.1 59394 16004
0.006 X 7405 http-nio-16004- 6 [::] [0:ffff:7f00:1::] 0 65535
2.061 C 7682 curl 4 10.202.210.1 172.217.161.68 60036 443
2.177 X 7682 curl 4 10.202.210.1 172.217.161.68 60036 443
2.948 A 9565 java 4 127.0.0.1 127.0.0.1 42641 55980

Summary

References
