403Webshell
Server IP : 15.235.198.142  /  Your IP : 216.73.216.14
Web Server : Apache/2.4.58 (Ubuntu)
System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64
User : www-data ( 33)
PHP Version : 8.3.6
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /usr/share/doc/bpfcc-tools/examples/doc/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/doc/bpfcc-tools/examples/doc/statsnoop_example.txt
Demonstrations of statsnoop, the Linux eBPF/bcc version.


statsnoop traces the different stat() syscalls system-wide, and prints various
details. Example output:

# ./statsnoop 
PID    COMM               FD ERR PATH
31126  bash                0   0 .
31126  bash               -1   2 /usr/local/sbin/iconfig
31126  bash               -1   2 /usr/local/bin/iconfig
31126  bash               -1   2 /usr/sbin/iconfig
31126  bash               -1   2 /usr/bin/iconfig
31126  bash               -1   2 /sbin/iconfig
31126  bash               -1   2 /bin/iconfig
31126  bash               -1   2 /usr/games/iconfig
31126  bash               -1   2 /usr/local/games/iconfig
31126  bash               -1   2 /apps/python/bin/iconfig
31126  bash               -1   2 /mnt/src/llvm/build/bin/iconfig
8902   command-not-fou    -1   2 /usr/bin/Modules/Setup
8902   command-not-fou    -1   2 /usr/bin/lib/python3.4/os.py
8902   command-not-fou    -1   2 /usr/bin/lib/python3.4/os.pyc
8902   command-not-fou     0   0 /usr/lib/python3.4/os.py
8902   command-not-fou    -1   2 /usr/bin/pybuilddir.txt
8902   command-not-fou    -1   2 /usr/bin/lib/python3.4/lib-dynload
8902   command-not-fou     0   0 /usr/lib/python3.4/lib-dynload
8902   command-not-fou     0   0 /apps/python/lib/python2.7/site-packages
8902   command-not-fou     0   0 /apps/python/lib/python2.7/site-packages
8902   command-not-fou     0   0 /apps/python/lib/python2.7/site-packages
8902   command-not-fou     0   0 /usr/lib/python3.4/
8902   command-not-fou     0   0 /usr/lib/python3.4/
[...]

This output has caught me mistyping a command in another shell, "iconfig"
instead of "ifconfig". The first several lines show the bash shell searching
the $PATH, and failing to find it (ERR == 2 is file not found). Then, a
"command-not-found" program executes (the name is truncated to 16 characters
in the COMM field), which begins the process of searching for and suggesting
a package. ie, this:

# iconfig
No command 'iconfig' found, did you mean:
 Command 'vconfig' from package 'vlan' (main)
 Command 'fconfig' from package 'redboot-tools' (universe)
 Command 'mconfig' from package 'mono-devel' (main)
 Command 'iwconfig' from package 'wireless-tools' (main)
 Command 'zconfig' from package 'python-zconfig' (universe)
 Command 'ifconfig' from package 'net-tools' (main)
iconfig: command not found

statsnoop can be used for general debugging, to see what file information has
been requested, and whether those files exist. It can be used as a companion
to opensnoop, which shows what files were actually opened.


USAGE message:

# ./statsnoop -h
usage: statsnoop [-h] [-t] [-x] [-p PID]

Trace stat() syscalls

optional arguments:
  -h, --help         show this help message and exit
  -t, --timestamp    include timestamp on output
  -x, --failed       only show failed stats
  -p PID, --pid PID  trace this PID only

examples:
    ./statsnoop           # trace all stat() syscalls
    ./statsnoop -t        # include timestamps
    ./statsnoop -x        # only show failed stats
    ./statsnoop -p 181    # only trace PID 181

Youez - 2016 - github.com/yon3zu
LinuXploit