403Webshell
Server IP : 15.235.198.142  /  Your IP : 216.73.216.190
Web Server : Apache/2.4.58 (Ubuntu)
System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64
User : www-data ( 33)
PHP Version : 8.3.6
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /usr/share/doc/bpftrace/examples/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/doc/bpftrace/examples/statsnoop_example.txt
Demonstrations of statsnoop, the Linux bpftrace/eBPF version.


statsnoop traces different stat() syscalls system-wide, and prints details.
Example output:

# ./statsnoop.bt
Attaching 9 probes...
Tracing stat syscalls... Hit Ctrl-C to end.
PID    COMM             ERR PATH
27835  bash               0 .
27835  bash               2 /usr/local/sbin/iconfig
27835  bash               2 /usr/local/bin/iconfig
27835  bash               2 /usr/sbin/iconfig
27835  bash               2 /usr/bin/iconfig
27835  bash               2 /sbin/iconfig
27835  bash               2 /bin/iconfig
27835  bash               2 /usr/games/iconfig
27835  bash               2 /usr/local/games/iconfig
27835  bash               2 /snap/bin/iconfig
27835  bash               2 /apps/python/bin/iconfig
30573  command-not-fou    2 /usr/bin/Modules/Setup
30573  command-not-fou    2 /usr/bin/lib/python3.5/os.py
30573  command-not-fou    2 /usr/bin/lib/python3.5/os.pyc
30573  command-not-fou    0 /usr/lib/python3.5/os.py
30573  command-not-fou    2 /usr/bin/pybuilddir.txt
30573  command-not-fou    2 /usr/bin/lib/python3.5/lib-dynload
30573  command-not-fou    0 /usr/lib/python3.5/lib-dynload
30573  command-not-fou    2 /usr/lib/python35.zip
30573  command-not-fou    0 /usr/lib
30573  command-not-fou    2 /usr/lib/python35.zip
30573  command-not-fou    0 /usr/lib/python3.5/
30573  command-not-fou    0 /usr/lib/python3.5/
30573  command-not-fou    0 /usr/lib/python3.5/
30573  command-not-fou    2 /usr/lib/python3.5/encodings/__init__.cpython-35m-x86_64-linux-
30573  command-not-fou    2 /usr/lib/python3.5/encodings/__init__.abi3.so
30573  command-not-fou    2 /usr/lib/python3.5/encodings/__init__.so
30573  command-not-fou    0 /usr/lib/python3.5/encodings/__init__.py
30573  command-not-fou    0 /usr/lib/python3.5/encodings/__init__.py

This output has caught me mistyping a command in another shell, "iconfig"
instead of "ifconfig". The first several lines show the bash shell searching
the $PATH (why is games in my $PATH??), and failing to find it (ERR == 2 is
file not found). Then, a "command-not-found" program executes (the name is
truncated to 16 characters in the COMM field, including the NULL), which
begins the process of searching for and suggesting a package. ie, this:

# iconfig
The program 'iconfig' is currently not installed. You can install it by typing:
apt install ipmiutil

statsnoop can be used for general debugging, to see what file information has
been requested, and whether those files exist. It can be used as a companion
to opensnoop, which shows what files were actually opened.


There is another version of this tool in bcc: https://github.com/iovisor/bcc
The bcc version provides options to customize the output.

Youez - 2016 - github.com/yon3zu
LinuXploit