System information
SystemTap—Filtering and Analyzing System Data 83
!=: Is not equal to
>=: Is greater than or equal to
<=: Is less than or equal to
5.4 Example Script
If you have installed the systemtap-docs package, you can find a number of
useful SystemTap example scripts in /usr/share/doc/packages/systemtap/examples.
This section describes a rather simple example script in more detail:
/usr/share/doc/packages/systemtap/examples/network/tcp_connections.stp.
Example 5.5: Monitoring Incoming TCP Connections with tcp_connections.stp
#! /usr/bin/env stap
# Print a header line once when the script starts
probe begin {
  printf("%6s %16s %6s %6s %16s\n",
         "UID", "CMD", "PID", "PORT", "IP_SOURCE")
}
# Fire on return from whichever accept function this kernel provides;
# the trailing "?" makes each probe optional, so the script still loads
# when one of the two functions does not exist in the running kernel
probe kernel.function("tcp_accept").return?,
      kernel.function("inet_csk_accept").return? {
  sock = $return
  if (sock != 0)
    printf("%6d %16s %6d %6d %16s\n", uid(), execname(), pid(),
           inet_get_local_port(sock), inet_get_ip_source(sock))
}
This SystemTap script monitors the incoming TCP connections and helps to identify
unauthorized or unwanted network access requests in real time. It shows the following
information for each new incoming TCP connection accepted by the computer:
• User ID (UID)
• Command accepting the connection (CMD)
• Process ID of the command (PID)
• Port used by the connection (PORT)
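A variation of this script, added here as an example and not part of the systemtap-docs package: it keeps the same inet_csk_accept return probe, but instead of one line per connection it counts accepts per local port and accepting command and prints a summary at a fixed interval (the 10-second interval and the limit of 20 rows are assumptions), which keeps the output readable on a busy host and makes a port or command that never appeared before stand out.

```systemtap
#! /usr/bin/env stap
# Added example, not from the systemtap-docs package: aggregate accepted
# TCP connections per local port and accepting command, and print a
# summary every 10 seconds instead of one line per connection.

global accepts          # accepts[port, command] -> number of accepts

probe kernel.function("inet_csk_accept").return? {
  sock = $return
  if (sock != 0)
    accepts[inet_get_local_port(sock), execname()]++
}

probe timer.s(10) {     # report interval: an assumption, adjust as needed
  printf("---- accepted TCP connections in the last 10 s ----\n")
  printf("%6s %16s %6s\n", "PORT", "CMD", "COUNT")
  # sort descending by count and show at most 20 port/command pairs
  foreach ([port, cmd] in accepts- limit 20)
    printf("%6d %16s %6d\n", port, cmd, accepts[port, cmd])
  delete accepts        # start the next interval from zero
}
```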