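ptrap
A script that lets you find out which process on your system is sending packets to a single <ip>:<port>. It supports monitoring TCP/UDP packets and executing a custom program in response. It depends on tc, ip, iptables and lsof.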
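The attribution step on its own, as an added example (not ptrap's code, and not a description of how ptrap uses tc, iptables or lsof): it parses a socket table in /proc/net/tcp layout for rows whose remote end matches an <ip>:<port>, then maps the socket inode to the owning PIDs through /proc/<pid>/fd. The function names and the sample table are constructed for illustration, and the address decoding assumes an IPv4 table on a little-endian host.

```python
import ipaddress
import os

# Constructed sample in /proc/net/tcp layout (IPv4); not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 6401A8C0:D2F4 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 6401A8C0:A1B2 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """'0101A8C0:0035' -> ('192.168.1.1', 53). Assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return str(addr), int(port_hex, 16)

def sockets_to(table_text, ip, port=None):
    """Return [(local, remote, uid, inode)] for rows whose remote end matches.
    port=None matches any remote port on that address."""
    hits = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        local, remote = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        if remote[0] == ip and port in (None, remote[1]):
            hits.append((local, remote, int(cols[7]), int(cols[9])))
    return hits

def pids_for_inode(inode, proc="/proc"):
    """PIDs holding the socket inode, found by reading /proc/<pid>/fd links.
    Seeing other users' processes requires root."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:                           # process exited or access denied
            continue
    return sorted(pids)

if __name__ == "__main__":
    for local, remote, uid, inode in sockets_to(SAMPLE, "192.168.1.1"):
        print(local, "->", remote, "uid", uid, "inode", inode)
```

On a live Linux host, pass `open("/proc/net/tcp").read()` instead of `SAMPLE` and feed each inode to `pids_for_inode`. A snapshot like this only sees sockets that exist at the moment the table is read, so short-lived senders can be missed.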
Examples
# Monitor DNS requests to host 192.168.1.1 and print out the process tree,
# highlighting the originating process and its ancestors
ptrap -u -i 192.168.1.1 -p 53 -e "pstree -p -H"
# Monitor new TCP connections to any port of 192.168.1.1, and
# print out the originating process' nam