Original article. When reposting, please credit: reposted from 系统技术非业余研究
This evening 雕梁 said he wanted a tool to investigate sending and receiving on unix domain sockets, for example whether program A actually sends and whether program B actually receives. He tried tcpdump, wireshark and the like, and none of them appeared to support it.
This is where the great systemtap comes to the rescue. All socket communication goes through the socket interface, and every protocol family, unix domain sockets included, has to pass through it, so intercepting the handful of syscalls that read from and write to sockets is all it takes.
The systemtap distribution ships a tool called socktop, located at /usr/share/doc/systemtap/examples/network/socktop. It is very convenient and exactly the right tool for this job.

The copyright notice and brief description from the socktop source:
# Socktop systemtap script
# Copyright (C) 2006 IBM Corp.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.

###
### socktop - Combination shell/systemtap script to track reads and writes
### on sockets by process. Can be filtered by process IDs and
### names, protocols, protocol families, users and socket type.
###

$ uname -r
2.6.18-164.el5

$ rpm -i kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
$ rpm -i kernel-debuginfo-2.6.18-164.el5.x86_64.rpm

# Usage help
$ /usr/share/doc/systemtap/examples/network/socktop -h
USAGE: socktop [-d] [-i interval] [-N num] [-P protocol]... [-f family]...
               [-t stype]... [-n pname]... [-p pid]... [-u username]... [-h]
   -d          # print network device traffic (default: off)
   -i interval # interval in seconds between printing (default: 5)
   -N num      # number of top processes and devices to print (default: 10)
   -f family   # this protocol family only (default: all)
   -P protocol # this protocol only (default: all)
   -t stype    # this socket type only (default: all)
   -n pname    # this process name only (default: all)
   -p pid      # this process ID only (default: all)
   -u username # this user only (default: all)
   -c count    # number of iteration
   -m mod_name # generate instrumentation (but do not run)
   -h          # print this help text

Protocol Families:
  LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET

Protocols:
  TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)

Socket Types:
  STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET
The usage text above is clear enough. We want to filter for unix sockets (family LOCAL), report every 5 seconds, and print the network device traffic while we are at it.

$ sudo /usr/share/doc/systemtap/examples/network/socktop -f LOCAL -i 5 -d
======================= Thu Mar 31 21:23:03 2011 ========================
------------------------------- PROCESSES -------------------------------
  PID   UID  #SEND  #RECV  SEND_KB  RECV_KB  PROT  FAMILY  COMMAND
24821 50453      1      0        0        0  IP    LOCAL   crond
 3840     0      0      2        0        0  IP    LOCAL   syslog-ng

-------------------------------- DEVICES --------------------------------
DEV    #XMIT  #RECV  XMIT_KB  RECV_KB
eth0     457    250      102       38
bond0    457      0      102        0
lo        24     24        2        2
eth1       0     10        0        0
=========================================================================
We can see it clearly: crond is sending and syslog-ng is receiving.

If you want to know the content of the messages, you can tweak the script to dump the messages as well.

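As an added example (not from this post and not the systemtap project's own socktop), here is a minimal systemtap script that does the core of what `socktop -f LOCAL` does: it counts AF_UNIX sends and receives per process, keyed by command and socket type, using the socket tapset's `socket.send` and `socket.receive` probes, and prints a table every 5 seconds and again on exit. The file name unix_sock.stp, the 5-second interval and the column layout are my choices; like socktop it needs the kernel-debuginfo packages installed above, because the socket tapset probes function returns inside the kernel.

```systemtap
#!/usr/bin/stap
# Added example, not part of the original post or the systemtap project.
# Per-process AF_UNIX send/receive counters, the core of socktop -f LOCAL.
# Hypothetical file name: unix_sock.stp
# Run with:  sudo stap unix_sock.stp
# Optional:  sudo stap -x PID unix_sock.stp   (report only that PID)

# traffic[pid, command, socket type, direction] collects message sizes
global traffic

# AF_UNIX / AF_LOCAL is protocol family 1 (see <sys/socket.h>).
# target() is the PID given with -x, or 0 when no -x was passed.
function wanted:long (fam:long)
{
    return fam == 1 && (target() == 0 || pid() == target())
}

# SOCK_STREAM = 1, SOCK_DGRAM = 2, SOCK_SEQPACKET = 5; anything else is printed raw
function stype:string (t:long)
{
    if (t == 1) return "STREAM"
    if (t == 2) return "DGRAM"
    if (t == 5) return "SEQPACKET"
    return sprintf("%d", t)
}

# socket.send / socket.receive fire on the return path of the kernel socket
# send and receive functions; `success` is only set for a positive byte count,
# so failed and zero-length calls are not counted.
probe socket.send
{
    if (success && wanted(family))
        traffic[pid(), execname(), stype(type), "send"] <<< size
}

probe socket.receive
{
    if (success && wanted(family))
        traffic[pid(), execname(), stype(type), "recv"] <<< size
}

# Print one table for the interval just ended, then reset the counters
function report()
{
    printf("\n%-6s %-16s %-10s %-4s %7s %9s\n",
           "PID", "COMMAND", "TYPE", "DIR", "COUNT", "BYTES")
    foreach ([p, c, t, d] in traffic limit 20)
        printf("%-6d %-16s %-10s %-4s %7d %9d\n",
               p, c, t, d, @count(traffic[p, c, t, d]), @sum(traffic[p, c, t, d]))
    delete traffic
}

probe timer.s(5) { report() }

# Ctrl-C (or stap's own exit) still prints the partially collected interval
probe end { report() }
```

Read the output the same way as the socktop run above: the sender appears with DIR send and the receiver with DIR recv, and the COUNT and BYTES columns tell you whether the bytes one side wrote actually arrived at the other. Because the counters are keyed on pid and command, two instances of the same program show up as separate rows, which is what you want when checking that A sent and B received.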
Have fun!