Hi there,

I’ve created a script for Solaris and OpenSolaris to monitor all outgoing TCP 
and UDP connections by process, user and port.

It has some filtering capabilities that allow filtering traffic by port, process 
or user.

It's slightly similar to Brendan's DTT/Net/connections but I've included the 
monitoring of all outgoing connections and filtering capabilities.

Here are some examples:
Usage:
# ./conntrack -h
USAGE: ./conntrack [-h] [-p port] [-c command] [-u user]
   -p port         # filter by port (incompatible with user and command)
   -c command      # filter by command (incompatible with port and user)
   -u user         # filter by user (incompatible with port and command)
  eg,
       ./conntrack -p 22    # snoop connections to port 22

- What process is listening on port 23?

# ./conntrack -p 23
             PROC   PID   UID      ZONE     LPORT     RPORT TYPE SOURCE
            sched     0     0    global        23     36438  TCP 10.164.50.105
       in.telnetd  2084     0    global        23     36438  TCP 10.164.50.105
            sched     0     0    global        23     36438  TCP 10.164.50.105
            sched     0     0    global        23     36438  TCP 10.164.50.105
            sched     0     0    global        23     36438  TCP 10.164.50.105
       in.telnetd  2084     0    global        23     36438  TCP 10.164.50.105
       in.telnetd  2084     0    global        23     36438  TCP 10.164.50.105
            sched     0     0    global        23     36438  TCP 10.164.50.105
            sched     0     0    global        23     36438  TCP 10.164.50.105
       in.telnetd  2084     0    global        23     36438  TCP 10.164.50.105
       in.telnetd  2084     0    global        23     36438  TCP 10.164.50.105
            login  2086     0    global        23     36438  TCP 10.164.50.105

- Where is the firefox process connecting?

# ./conntrack -c firefox-bin
             PROC   PID   UID      ZONE     LPORT     RPORT TYPE SOURCE
      firefox-bin  1305   100    global     63640        80  TCP 212.58.226.138
      firefox-bin  1305   100    global     60055        80  TCP 63.245.209.93
      firefox-bin  1305   100    global     38147        80  TCP 63.245.209.93
      firefox-bin  1305   100    global     61736        80  TCP 212.58.226.138

- Where and how is a specific user sending information?

# ./conntrack -u sergio
             PROC   PID   UID      ZONE     LPORT     RPORT TYPE SOURCE
      firefox-bin  1305   100    global     57245        80  TCP 74.125.39.105
      firefox-bin  1305   100    global     57245        80  TCP 74.125.39.105
      firefox-bin  1305   100    global     57245        80  TCP 74.125.39.105
      firefox-bin  1305   100    global     57245        80  TCP 74.125.39.105
      firefox-bin  1305   100    global     64782        80  TCP 209.85.129.100
      firefox-bin  1305   100    global     57245        80  TCP 74.125.39.105
  thunderbird-bin  1323   100    global     45556       993  TCP 10.164.50.28
  thunderbird-bin  1323   100    global     45556       993  TCP 10.164.50.28
  thunderbird-bin  1323   100    global     45556       993  TCP 10.164.50.28
  thunderbird-bin  1323   100    global     45556       993  TCP 10.164.50.28

You can get the latest version here:
http://blogs.corenetworks.es/wp-content/uploads/2009/08/conntrack
and the full explanation here:
http://blogs.corenetworks.es/2009/08/conntrack-dtrace-script-connections-by-process-user-and-port-on-solaris-opensolaris/

I would appreciate your feedback and comments.
Sergio.
-- 
This message posted from opensolaris.org
_______________________________________________
dtrace-discuss mailing list
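
The output shown in the post repeats the same connection on many lines, so a reviewer reading it for audit purposes may want it collapsed. The following is an added example, not part of the original post or of the conntrack script: a shell/awk filter that reduces conntrack output to unique flows with a hit count and marks rows that have no user process (PID 0) or that involve the telnet port. The function names, the note labels and the sample rows (constructed, using documentation addresses) are assumptions; it also assumes process names contain no spaces.

```shell
#!/bin/sh
# Constructed sample in the column layout shown in the post.
sample_output() {
cat <<'EOF'
             PROC   PID   UID      ZONE     LPORT     RPORT TYPE SOURCE

            sched     0     0    global        23     36438  TCP 192.0.2.10
       in.telnetd  2084     0    global        23     36438  TCP 192.0.2.10
            sched     0     0    global        23     36438  TCP 192.0.2.10
       in.telnetd  2084     0    global        23     36438  TCP 192.0.2.10
      firefox-bin  1305   100    global     63640        80  TCP 198.51.100.7
EOF
}

# Hypothetical helper: read conntrack output on stdin and print one line per
# unique flow as "<hits> <the eight columns> [notes]", in first-seen order.
conntrack_summary() {
    awk '
    # Data rows have 8 fields with numeric PID, UID, LPORT and RPORT;
    # this skips the header and blank lines.
    NF == 8 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ &&
    $5 ~ /^[0-9]+$/ && $6 ~ /^[0-9]+$/ {
        key = $1 " " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8
        if (!(key in hits)) order[++n] = key
        hits[key]++
    }
    END {
        for (i = 1; i <= n; i++) {
            split(order[i], f, " ")
            note = ""
            # PID 0 rows cannot be attributed to a user process.
            if (f[2] == 0) note = note " no-user-process"
            # Port 23 on either side means telnet traffic.
            if (f[5] == 23 || f[6] == 23) note = note " telnet"
            printf "%d %s%s\n", hits[order[i]], order[i], note
        }
    }'
}

# Stand-alone run on the constructed sample.
sample_output | conntrack_summary
```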