googerteller/netsendmsg.bt

#!/usr/bin/bpftrace
#include <net/sock.h>

kprobe:udp_sendmsg,
kprobe:tcp_sendmsg
{
  $sk = (struct sock *)arg0;

  $daddr = ntop($sk->__sk_common.skc_daddr);

  printf("%-8d\t%s\t(%s)\n", pid, $daddr, comm);
}
Add scripts for tracking single process 2022-08-23 12:51:43 +02:00			`#!/usr/bin/bpftrace`
			`#include <net/sock.h>`

			`kprobe:udp_sendmsg,`
			`kprobe:tcp_sendmsg`
			`{`
			`$sk = (struct sock *)arg0;`

			`$daddr = ntop($sk->__sk_common.skc_daddr);`

			`printf("%-8d\t%s\t(%s)\n", pid, $daddr, comm);`
			`}`