
How to use IPCDump to track interprocess communication on Linux

2025-02-27 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

This article explains how to use IPCDump to track inter-process communication on Linux. The content is simple and clear, and easy to learn and understand.

IPCDump

IPCDump is a tool that helps researchers trace interprocess communication (IPC) on Linux. It covers most common IPC mechanisms, such as pipes, FIFOs, Unix sockets, loopback-based networking, pseudoterminals, and so on.

The tool is useful for studying and debugging multi-process applications, and it also helps to understand how the different components of the operating system communicate with one another. IPCDump can trace both the metadata and the contents of this communication, and it is particularly well suited to tracing IPC between short-lived processes, which is difficult with traditional debugging tools such as strace or gdb. It also has some basic filtering features that help you sift through a large number of events. Most of the information IPCDump collects comes from BPF hooks placed on kprobes and tracepoints at key functions in the kernel. To do this, IPCDump uses gobpf, which provides Golang bindings for the bcc framework.

Features

Support for pipes and FIFOs

Loopback IPC

Signals (regular and real-time)

Unix streams and datagrams

Pseudoterminal-based IPC

Event filtering by process PID or process name

Human-readable or JSON-formatted output

Tool requirements & usage

Golang >= 1.15.6

Tested platforms and kernels

| Kernel version | Ubuntu 18.04 LTS | Ubuntu 20.04 LTS |
|----------------|------------------|------------------|
| 4.15.0         | Tested           | Not tested       |
| 5.4.0          | Not tested       | Tested           |
| 5.8.0          | Not tested       | Tested           |

Build dependencies

First, we need to install Golang:

    snap install go --classic

Next, install BCC on the operating system.

Build IPCDump:

    git clone https://github.com/guardicore/IPCDump
    cd IPCDump/cmd/ipcdump
    go build

Tool usage

    ./ipcdump -h
    Usage of ./ipcdump:
      -B uint
            max number of bytes to dump per event, or 0 for complete event (may be large). Meaningful only if -x is specified.
      -D value
            filter by destination comm (can be specified more than once)
      -L    do not output lost event information
      -P value
            filter by comm (either source or destination, can be specified more than once)
      -S value
            filter by source comm (can be specified more than once)
      -c uint
            exit after events
      -d value
            filter by destination pid (can be specified more than once)
      -f string
            output format (default is text) (default "text")
      -p value
            filter by pid (either source or destination, can be specified more than once)
      -s value
            filter by source pid (can be specified more than once)
      -t value
            filter by type (can be specified more than once).
            Possible values: a|all  k|signal  u|unix  ud|unix-dgram  us|unix-stream  t|pty  lo|loopback  lt|loopback-tcp  lu|loopback-udp  p|pipe
      -x    dump IPC bytes where relevant (rather than just event details).

One-liners

Run with root privileges:

    # Dump all IPC on the target system
    ./ipcdump

    # Dump signals sent between any two processes
    ./ipcdump -t signal

    # Dump all loopback TCP connections related to PID 1337
    ./ipcdump -t loopback-tcp -p 1337

    # Dump Unix socket IPC metadata and contents from Xorg
    ./ipcdump -t unix -x -S Xorg

    # Dump pipe I/O metadata and the first 64 bytes of contents in JSON format
    ./ipcdump -t pipe -x -B 64 -f json
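A constructed workload to trace with the commands above (an added example, not part of the original article or the IPCDump project): it spawns short-lived processes that communicate over a FIFO, an anonymous pipe and a signal, which is the case the article says strace and gdb handle poorly. The function name `ipc_workload`, the file names and the marker strings are made up for this example.

```shell
#!/bin/sh
# Constructed test workload (not part of IPCDump): short-lived processes that
# exchange data over a FIFO, an anonymous pipe and a signal.
# ipc_workload and the marker strings are names made up for this example.

ipc_workload() (
    dir=$(mktemp -d) || exit 1
    fifo="$dir/demo.fifo"
    mkfifo "$fifo" || exit 1

    # 1. FIFO: the writer exits as soon as its single line has been read.
    ( printf 'fifo-marker\n' > "$fifo" ) &
    read -r got_fifo < "$fifo"
    wait

    # 2. Anonymous pipe between two children that live for milliseconds.
    got_pipe=$(printf 'pipe-marker\n' | tr 'a-z' 'A-Z')

    # 3. Signal: the child installs a handler, reports readiness over the
    #    FIFO, and only then does the parent send SIGUSR1.
    (
        trap 'echo sigusr1 > "$dir/sig"; kill "$nap"; exit 0' USR1
        sleep 5 > /dev/null 2>&1 &
        nap=$!
        echo ready > "$fifo"
        wait "$nap" || true
    ) &
    child=$!
    read -r ready < "$fifo"
    kill -USR1 "$child"
    wait "$child" || true
    got_sig=$(cat "$dir/sig")

    # Clean up and report what each channel delivered.
    rm -rf "$dir"
    echo "$got_fifo $got_pipe $got_sig"
)
```

Run `./ipcdump -t pipe -t signal -x -B 64` as root in one terminal, then source this file and call `ipc_workload` in another; the marker strings are the values to look for in the dumped bytes.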
