1*9cd928feSAlan Maguire #!/usr/sbin/dtrace -s 2*9cd928feSAlan Maguire /* 3*9cd928feSAlan Maguire * udpsnoop - snoop UDP network packets by process. 4*9cd928feSAlan Maguire * Written using DTrace udp Provider. 5*9cd928feSAlan Maguire * 6*9cd928feSAlan Maguire * This analyses UDP network packets and prints the responsible PID plus 7*9cd928feSAlan Maguire * standard details such as IP address and port. This captures traffic 8*9cd928feSAlan Maguire * from existing and newly created UDP connections. It can help identify 9*9cd928feSAlan Maguire * which processes are causing UDP traffic. 10*9cd928feSAlan Maguire * 11*9cd928feSAlan Maguire * CDDL HEADER START 12*9cd928feSAlan Maguire * 13*9cd928feSAlan Maguire * The contents of this file are subject to the terms of the 14*9cd928feSAlan Maguire * Common Development and Distribution License (the "License"). 15*9cd928feSAlan Maguire * You may not use this file except in compliance with the License. 16*9cd928feSAlan Maguire * 17*9cd928feSAlan Maguire * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 18*9cd928feSAlan Maguire * or http://www.opensolaris.org/os/licensing. 19*9cd928feSAlan Maguire * See the License for the specific language governing permissions 20*9cd928feSAlan Maguire * and limitations under the License. 21*9cd928feSAlan Maguire * 22*9cd928feSAlan Maguire * When distributing Covered Code, include this CDDL HEADER in each 23*9cd928feSAlan Maguire * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 24*9cd928feSAlan Maguire * If applicable, add the following below this CDDL HEADER, with the 25*9cd928feSAlan Maguire * fields enclosed by brackets "[]" replaced with your own identifying 26*9cd928feSAlan Maguire * information: Portions Copyright [yyyy] [name of copyright owner] 27*9cd928feSAlan Maguire * 28*9cd928feSAlan Maguire * CDDL HEADER END 29*9cd928feSAlan Maguire */ 30*9cd928feSAlan Maguire /* 31*9cd928feSAlan Maguire * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 32*9cd928feSAlan Maguire * 33*9cd928feSAlan Maguire * Portions Copyright 2010 Brendan Gregg 34*9cd928feSAlan Maguire */ 35*9cd928feSAlan Maguire 36*9cd928feSAlan Maguire #pragma D option quiet 37*9cd928feSAlan Maguire #pragma D option switchrate=10hz 38*9cd928feSAlan Maguire 39*9cd928feSAlan Maguire dtrace:::BEGIN 40*9cd928feSAlan Maguire { 41*9cd928feSAlan Maguire printf("%6s %6s %15s:%-5s %15s:%-5s %6s\n", 42*9cd928feSAlan Maguire "TIME", "PID", "LADDR", "PORT", "RADDR", "PORT", "BYTES"); 43*9cd928feSAlan Maguire } 44*9cd928feSAlan Maguire 45*9cd928feSAlan Maguire udp:::send 46*9cd928feSAlan Maguire { 47*9cd928feSAlan Maguire printf("%6d %6d %15s:%-5d -> %15s:%-5d %6d\n", 48*9cd928feSAlan Maguire timestamp/1000, args[1]->cs_pid, args[2]->ip_saddr, 49*9cd928feSAlan Maguire args[4]->udp_sport, args[2]->ip_daddr, args[4]->udp_dport, 50*9cd928feSAlan Maguire args[4]->udp_length); 51*9cd928feSAlan Maguire } 52*9cd928feSAlan Maguire 53*9cd928feSAlan Maguire udp:::receive 54*9cd928feSAlan Maguire { 55*9cd928feSAlan Maguire printf("%6d %6d %15s:%-5d <- %15s:%-5d %6d\n", 56*9cd928feSAlan Maguire timestamp/1000, args[1]->cs_pid, args[2]->ip_daddr, 57*9cd928feSAlan Maguire args[4]->udp_dport, args[2]->ip_saddr, args[4]->udp_sport, 58*9cd928feSAlan Maguire args[4]->udp_length); 59*9cd928feSAlan Maguire } 60