⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.144
Server IP:
157.245.143.252
Server:
Linux www 6.11.0-9-generic #9-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 14 13:19:59 UTC 2024 x86_64
Server Software:
nginx/1.26.0
PHP Version:
8.3.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
bpfcc-tools
/
examples
/
doc
/
View File Name :
killsnoop_example.txt
Demonstrations of killsnoop, the Linux eBPF/bcc version. This traces signals sent via the kill() syscall. For example: # ./killsnoop TIME PID COMM SIG TPID RESULT 12:10:51 13967 bash 9 13885 0 12:11:34 13967 bash 9 1024 -3 12:11:41 815 systemd-udevd 15 14076 0 The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to PID 13885. The result, 0, means success. The second line showed the same signal sent, this time resulting in a -3 (ESRCH: no such process). USAGE message: # ./killsnoop -h usage: killsnoop [-h] [-x] [-p PID] [-T PID] [-s SIGNAL] Trace signals issued by the kill() syscall optional arguments: -h, --help show this help message and exit -x, --failed only show failed kill syscalls -p PID, --pid PID trace this PID only which is the sender of signal -T TPID, --tpid TPID trace this target PID only which is the receiver of signal -s SIGNAL, --signal SIGNAL trace this signal only examples: ./killsnoop # trace all kill() signals ./killsnoop -x # only show failed kills ./killsnoop -p 181 # only trace PID 181 ./killsnoop -T 189 # only trace target PID 189 ./killsnoop -s 9 # only trace signal 9