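#!/usr/sbin/dtrace -s
/*
 * udpsnoop - snoop UDP network packets by process.
 * Written using DTrace udp Provider.
 *
 * This analyses UDP network packets and prints the responsible PID plus
 * standard details such as IP address and port. This captures traffic
 * from existing and newly created UDP connections. It can help identify
 * which processes are causing UDP traffic.
 *
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 *
 * Portions Copyright 2010 Brendan Gregg
 */

/*
 * Output columns (one row per UDP send or receive probe firing):
 *
 *   TIME   timestamp/1000, i.e. microseconds on DTrace's monotonic
 *          counter. It is good for ordering rows and computing deltas; it
 *          is not wall-clock time, so it cannot be matched directly
 *          against log timestamps. Printed in a 14-character minimum-width
 *          field; wider values still print in full.
 *   PID    args[1]->cs_pid, the process ID held in the connection state.
 *          NOTE(review): confirm what this reports for a socket shared by
 *          several processes (e.g. inherited across fork).
 *   LADDR  local address and port. On send these are the packet's source
 *          fields; on receive the packet's destination fields, so the
 *          local end is always printed first.
 *   RADDR  remote address and port (the opposite fields).
 *   BYTES  args[4]->udp_length. Presumably the UDP length field, which
 *          counts the UDP header as well as the payload - confirm.
 *
 * The direction marker between LADDR and RADDR is "->" for send and "<-"
 * for receive. The header row uses four spaces in that position so that
 * the RADDR, PORT and BYTES headings sit above their data columns.
 *
 * Completeness: principal buffers are switched at 10hz, so output lags the
 * traffic slightly. NOTE(review): under heavy packet rates DTrace may drop
 * records; check for drop reports before treating the output as a complete
 * record of UDP activity.
 */

#pragma D option quiet
#pragma D option switchrate=10hz

/* Print the column headings once, before any packet rows. */
dtrace:::BEGIN
{
	printf("%14s %6s %15s:%-5s    %15s:%-5s %6s\n",
	    "TIME", "PID", "LADDR", "PORT", "RADDR", "PORT", "BYTES");
}

/* Outbound packet: source fields are the local end. */
udp:::send
{
	printf("%14d %6d %15s:%-5d -> %15s:%-5d %6d\n",
	    timestamp/1000, args[1]->cs_pid, args[2]->ip_saddr,
	    args[4]->udp_sport, args[2]->ip_daddr, args[4]->udp_dport,
	    args[4]->udp_length);
}

/*
 * Inbound packet: destination fields are the local end, so they are
 * printed first to keep LADDR/RADDR consistent with the send rows.
 */
udp:::receive
{
	printf("%14d %6d %15s:%-5d <- %15s:%-5d %6d\n",
	    timestamp/1000, args[1]->cs_pid, args[2]->ip_daddr,
	    args[4]->udp_dport, args[2]->ip_saddr, args[4]->udp_sport,
	    args[4]->udp_length);
}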