<div dir="ltr"><div><div><div>Actually what I want to trace is what all netfilter calls the packet trace till it reaches destination.<br>Will strace do that? Because I just ran the strace with the client and the server sample program <a href="http://www.codeproject.com/Articles/586000/Networking-and-Socket-programming-tutorial-in-C">http://www.codeproject.com/Articles/586000/Networking-and-Socket-programming-tutorial-in-C</a><br>
<br></div>For the client I got the following result:<br> <b>strace -o /root/Desktop/traceq.txt ./cli</b><br>Message from server<br>[root@client Desktop]# cat traceq.txt<br>execve("./cli", ["./cli"], [/* 27 vars */]) = 0<br>
brk(0) = 0x159c000<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea4c159000<br>access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)<br>
open("/etc/ld.so.cache", O_RDONLY) = 3<br>fstat(3, {st_mode=S_IFREG|0644, st_size=68323, ...}) = 0<br>mmap(NULL, 68323, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea4c148000<br>close(3) = 0<br>
open("/lib64/libc.so.6", O_RDONLY) = 3<br>read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356Ah?\0\0\0"..., 832) = 832<br>fstat(3, {st_mode=S_IFREG|0755, st_size=1926800, ...}) = 0<br>
mmap(0x3f68400000, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3f68400000<br>mprotect(0x3f6858b000, 2093056, PROT_NONE) = 0<br>mmap(0x3f6878a000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x3f6878a000<br>
mmap(0x3f6878f000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3f6878f000<br>close(3) = 0<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea4c147000<br>
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea4c146000<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea4c145000<br>arch_prctl(ARCH_SET_FS, 0x7fea4c146700) = 0<br>
mprotect(0x3f6878a000, 16384, PROT_READ) = 0<br>mprotect(0x3f67e1f000, 4096, PROT_READ) = 0<br>munmap(0x7fea4c148000, 68323) = 0<br>socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3<br>connect(3, {sa_family=AF_INET, sin_port=htons(5000), sin_addr=inet_addr("192.168.60.3")}, 16) = 0<br>
read(3, "Message from server", 1023) = 19<br>fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 6), ...}) = 0<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea4c158000<br>
write(1, "Message from server\n", 20) = 20<br>read(3, "", 1023) = 0<br>exit_group(0) <br><br><br></div><b>And for the server I got the following result:</b><br><br>strace -o /root/Desktop/trace.txt ./ser<br>
socket retrieve success<br>^C<br>[root@server Desktop]# cat trace<br>traceprocess.sh trace.txt<br>[root@server Desktop]# cat trace.txt<br>execve("./ser", ["./ser"], [/* 26 vars */]) = 0<br>brk(0) = 0x1727000<br>
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f57e614c000<br>access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)<br>open("/etc/ld.so.cache", O_RDONLY) = 3<br>
fstat(3, {st_mode=S_IFREG|0644, st_size=69902, ...}) = 0<br>mmap(NULL, 69902, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f57e613a000<br>close(3) = 0<br>open("/lib64/libc.so.6", O_RDONLY) = 3<br>
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\356\1\2444\0\0\0"..., 832) = 832<br>fstat(3, {st_mode=S_IFREG|0755, st_size=1926800, ...}) = 0<br>mmap(0x34a4000000, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x34a4000000<br>
mprotect(0x34a418b000, 2093056, PROT_NONE) = 0<br>mmap(0x34a438a000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x34a438a000<br>mmap(0x34a438f000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x34a438f000<br>
close(3) = 0<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f57e6139000<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f57e6138000<br>
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f57e6137000<br>arch_prctl(ARCH_SET_FS, 0x7f57e6138700) = 0<br>mprotect(0x34a438a000, 16384, PROT_READ) = 0<br>mprotect(0x34a3a1f000, 4096, PROT_READ) = 0<br>
munmap(0x7f57e613a000, 69902) = 0<br>socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3<br>fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0<br>mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f57e614b000<br>
write(1, "socket retrieve success\n", 24) = 24<br>bind(3, {sa_family=AF_INET, sin_port=htons(5000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0<br>listen(3, 10) = 0<br>accept(3, 0, NULL) = 4<br>
write(4, "Message from server", 19) = 19<br>close(4) = 0<br>rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0<br>rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0<br>rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0<br>
nanosleep({1, 0}, 0x7fffb1502640) = 0<br>accept(3, 0, NULL) = ? ERESTARTSYS (To be restarted)<br>--- SIGINT (Interrupt) @ 0 (0) ---<br>+++ killed by SIGINT +++<br><br><br><br></div>Regards<br><br>
<div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 27, 2014 at 9:26 PM, Augusto Mecking Caringi <span dir="ltr">&lt;<a href="mailto:augustocaringi@gmail.com" target="_blank">augustocaringi@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div class="">On Tue, May 27, 2014 at 8:31 AM, Robert Clove <span dir="ltr">&lt;<a href="mailto:cloverobert@gmail.com" target="_blank">cloverobert@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><div><div>But there will be other packets also coming from the network, like if someone is browsing the net on Mozilla.<br>
</div></div>I only want to trace the send() calls that I have used in my code, is that possible?<br></div></div></blockquote><div><br></div></div><div>Robert, </div><div><br></div><div> You must specify the PID of your process (to attach strace to a running process), or run your program through strace.</div>
<div><br></div><div> You can use grep to filter only the write syscall.</div><div><br></div><div> Regards.</div><div><br></div><div>-- </div></div><span class="HOEnZb"><font color="#888888">Augusto Mecking Caringi
</font></span></div></div>
</blockquote></div><br></div>
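<div>Added example, not part of either message in this thread: an awk filter that goes one step past grepping for write by tracking which descriptors are sockets, so write(1, ...) to the terminal is dropped while write(4, ...) on the accepted connection is kept, and the earlier close(3) of libc.so.6 is not mistaken for a socket call. The sample lines are copied from the server trace above; the function names sample_trace and net_syscalls are assumptions of this example, and since strace records system calls only, the result covers socket-level calls, not netfilter hooks inside the kernel.</div>

```shell
#!/bin/sh
# Added example. Sample lines copied from the server trace quoted above.
sample_trace() {
cat <<'EOF'
open("/lib64/libc.so.6", O_RDONLY) = 3
close(3) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
write(1, "socket retrieve success\n", 24) = 24
bind(3, {sa_family=AF_INET, sin_port=htons(5000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 10) = 0
accept(3, 0, NULL) = 4
write(4, "Message from server", 19) = 19
close(4) = 0
accept(3, 0, NULL) = ? ERESTARTSYS (To be restarted)
--- SIGINT (Interrupt) @ 0 (0) ---
EOF
}

# net_syscalls (hypothetical name): read strace output on stdin and print
# only the calls that create a socket or operate on a socket descriptor.
net_syscalls() {
  awk '
    {
      p = index($0, "(")
      name = substr($0, 1, p - 1)          # syscall name
      fd = substr($0, p + 1)
      sub(/[,)].*/, "", fd)                # first argument
      ret = $0
      sub(/.* = /, "", ret)                # text after the last " = "
      sub(/ .*/, "", ret)                  # numeric result or "?"
    }
    name == "socket" || name == "accept" {
      # A numeric result is a new socket descriptor: remember it.
      if (ret ~ /^[0-9]+$/) sock[ret] = 1
      print
      next
    }
    (fd in sock) {
      print
      # Forget the descriptor once closed: the number may be reused for a file.
      if (name == "close") delete sock[fd]
    }
  '
}

sample_trace | net_syscalls
```

<div>On a saved trace the same function is used as <code>net_syscalls &lt; trace.txt</code>.</div>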