HEX
Server: Apache/2.4.34 (Red Hat) OpenSSL/1.0.2k-fips
System: Linux WORDPRESS 3.10.0-1160.118.1.el7.x86_64 #1 SMP Thu Apr 4 03:33:23 EDT 2024 x86_64
User: digital (1020)
PHP: 7.2.24
Disabled: NONE
$ pwd: /usr/share/systemtap/examples/network/
Upload Files
File: //usr/share/systemtap/examples/network/connect_stat.stp
#!/usr/bin/stap

############################################################
# connect_stat.stp
# Author: Robin Hack <[email protected]>
# An example script show process tree of process
# which tried to call connect with specific ip address
############################################################

function process_tree (ip:string) {
    cur_proc = task_current();
    parent_pid = task_pid(task_parent (cur_proc));

    printf ("%s: ", ip);
    while (parent_pid != 0) {
        printf ("%s (%d),%d,%d -> ", task_execname(cur_proc), task_pid(cur_proc), task_uid(cur_proc),task_gid (cur_proc));
        cur_proc = task_parent(cur_proc);
        parent_pid = task_pid(task_parent (cur_proc));
    }
    # init process
    if (task_pid (cur_proc) == 1) {
        printf ("%s (%d),%d,%d\n", task_execname(cur_proc), task_pid(cur_proc), task_uid(cur_proc),task_gid (cur_proc));
    }
}

probe syscall.connect {
    if ((uaddr_af !~ "AF_INET*") || (uaddr_ip != @1)) {
        next;
    }
    process_tree (uaddr_ip);
}
@ Telegram