一,工具简介
tcpconnect工具追踪执行活动TCP连接的内核函数(例如,通过connect()系统调用;accept()是被动连接)。
详细地说,tcpconnect通过钩住内核中的tcp_v4_connect和/或tcp_v6_connect函数来工作,这些函数是在尝试建立TCP连接时被调用的。当这些函数被调用时,tcpconnect可以捕获并记录有关连接的信息,如源IP地址、目的IP地址和端口号等。
二,代码示例
#!/usr/bin/env python
from __future__ import print_function
from bcc import BPF
from bcc.containers import filter_by_containers
from bcc.utils import printb
import argparse
from socket import inet_ntop, ntohs, AF_INET, AF_INET6
from struct import pack
from time import sleep
from datetime import datetime
# 参数
examples = """examples:
./tcpconnect # trace all TCP connect()s
./tcpconnect -t # include timestamps
./tcpconnect -d # include DNS queries associated with connects
./tcpconnect -p 181 # only trace PID 181
./tcpconnect -P 80 # only trace p
