#! /usr/bin/env stap# Print a trace of threads sending IP packets (UDP or TC

1. #! /usr/bin/env stap
2.  
3. # Print a trace of threads sending IP packets (UDP or TCP) to a given
4. # destination port and/or address. Default is unfiltered.
5.  
6. probe netfilter.ip.local_out {
7. if (dport == 53) {
8. printf("%d - %s[PID %d, TID %d], GID %d, UID %d sent packet to %s:%d\n", gettimeofday_ms(), execname(), pid(), tid(), gid(), uid(), daddr, dport)
9. skb = &@cast($skb,"sk_buff","kernel<linux/skbuff.h>")
10. printf("%.*M\n", skb->truesize > 256 ? 256 : skb->truesize, skb->data)
11. }
12. }