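If I understand you correctly, you are basically interested in something like strace for network-specific system calls?
Possibly a combination of a profiler and a debugger, for network applications (i.e. ntrace), providing a detailed analysis of various optional measurements?
The strace utility is mostly based on functionality provided by the Linux kernel, namely ptrace (process trace).
Using ptrace, it should be possible to obtain most of the data that you're interested in.
On Windows, you will probably want to look into detours in order to intercept/redirect Winsock API calls for inspection/benchmarking.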
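If you really need all this low-level information, then you can probably also use strace directly (on Linux) and only use it to trace certain system calls. For example, consider the following line, which would only trace calls to open (using the additional -o FILE parameter, you can redirect all output to an output file):
By passing an additional flag to strace, you can increase its verbosity to get additional information (when working with SCMs that are composed of many small shell utilities and standalone tools, you will probably also want to use a flag in order to also follow forked processes).
So, what you would be interested in is all the system calls related to sockets, namely: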
- accept
- bind
- connect
- getpeername
- getsockname
- getsockopt
- listen
- recv
- recvfrom
- send
- sendto
- setsockopt
- shutdown
- socket
- socketpair
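(In the beginning, you will probably only want to deal with the send.../recv... calls, though)
To simplify this, you can also specify "network" as the trace parameter, which traces all network-related calls: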
-e trace=network: Trace all the network related system calls.
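So, a corresponding invocation would be:
strace -v -e trace=accept,bind,connect,getpeername,getsockname,getsockopt,listen,recv,recvfrom,send,sendto,setsockopt,shutdown,socket,socketpair -o results.log -f git pull
Once the program has finished, you will mainly want to examine the log to evaluate the data, which can then be done easily using regular expressions.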
For example, when running the following in a linux shell:
strace -v -o wget.log -e trace=connect,recv,recvfrom,send,sendto wget http://www.google.com
The resulting log contains messages such as the following:
- recv(3, "HTTP/1.0 302 Found\r\nLocation: htt"..., 511, MSG_PEEK) = 511
- sendto(4, "24 26 13^206*J "..., 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
Looking at the man pages for these two system calls, it's obvious that 511 and 20, respectively, are the number of bytes that are transferred. If you also need detailed timing information, you can pass the -T flag to strace:
-T: Print the time spent in each syscall
In addition, you can get some statistics by passing the following flag:
-c: Count time, calls, and errors for each system call and report a summary on program
exit. On Linux, this attempts to show system time (CPU time spent running in the kernel)
independent of wall clock time. If -c is used with -f or -F (below), only aggregate
totals for all traced processes are kept.
If you also need to examine the actual data that is processed, you may want to look into the read/write specifiers:
-e read=set: Perform a full hexadecimal and ASCII dump of all the data read from file
descriptors listed in the specified set. For example, to see all input activity on file
descriptors 3 and 5 use -e read=3,5. Note that this is independent from the normal
tracing of the read(2) system call which is controlled by the option -e trace=read.
-e write=set: Perform a full hexadecimal and ASCII dump of all the data written to file
descriptors listed in the specified set. For example, to see all output activity on file
descriptors 3 and 5 use -e write=3,5. Note that this is independent from the normal
tracing of the write(2) system call which is controlled by the option -e trace=write.
You can also change the maximum length of strings:
-s strsize: Specify the maximum string size to print (the default is 32). Note that
filenames are not considered strings and are always printed in full
Or have the strings dumped:
-xx: Print all strings in hexadecimal string format.
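So, if you find that you need additional low-level information, you may want to consider extending strace, or
However, thinking about this some more, a simpler and less platform-specific way to implement a fairly simple network traffic benchmark would be to use some form of intermediate layer between the client and the actual server: a server that basically meters, analyzes and redirects traffic to the real server.
Pretty much like a proxy server (e.g. SOCKS), so that all traffic is tunneled through your analyzer, which can in turn accumulate statistics and other metrics.
A basic version of something like this could probably be put together easily using netcat and some shell scripts, but more complex versions would probably benefit from using perl or python.
For an implementation of a SOCKS server, have a look at pysocks.
In addition, there is also Twisted. Note: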
Twisted is an event-driven networking engine written in Python
and licensed under the MIT license.
If you do need lower-level information, then you will probably really want to look into intercepting system calls.
If you also need protocol-specific efficiency data, you might want to look into tcpdump.
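The log evaluation with regular expressions described in the answer above, as an added example that is not part of the original answer: it totals the byte counts that strace records as return values of send/recv calls. The sample log is constructed and assumes the options -f, -T and -o FILE were used; the names summarize and SAMPLE_LOG are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format written by `strace -f -T -o FILE -e trace=network`.
SAMPLE_LOG = r'''
1234  connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.0.2.10")}, 16) = 0 <0.021340>
1234  sendto(3, "GET / HTTP/1.0\r\n\r\n", 18, 0, NULL, 0) = 18 <0.000051>
1234  recv(3, "HTTP/1.0 302 Found\r\nLocation: htt"..., 511, MSG_PEEK) = 511 <0.030112>
1234  recvfrom(3, "HTTP/1.0 302 Found\r\nLocation: htt"..., 4096, 0, NULL, NULL) = 511 <0.000020>
1235  recvfrom(4, 0x7ffd1c2a, 4096, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable) <0.000009>
1235  sendto(4, "MSG_PEEK"..., 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20 <0.000030>
1234  recvfrom(3,  <unfinished ...>
1234  <... recvfrom resumed>"body"..., 4096, 0, NULL, NULL) = 1200 <0.004000>
1234  +++ exited with 0 +++
'''

LINE = re.compile(
    r'^(?:\d+\s+)?'                                   # pid column, present with -f
    r'(?:<\.\.\. (?P<resumed>\w+) resumed>|(?P<name>\w+)\()'
    r'(?P<args>.*)\)\s+= (?P<ret>-?\d+)'              # arguments and return value
    r'(?: E[A-Z0-9]+[^<]*)?'                          # errno text after -1
    r'(?: <(?P<secs>\d+\.\d+)>)?\s*$')                # per-call time, present with -T
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')             # string arguments (payload data)
DIRECTION = {'send': 'sent', 'sendto': 'sent', 'recv': 'received', 'recvfrom': 'received'}

def summarize(log_text):
    """Total the bytes moved by send/recv-style calls, per direction."""
    totals = defaultdict(lambda: {'bytes': 0, 'peeked': 0, 'calls': 0, 'errors': 0, 'seconds': 0.0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue            # "<unfinished ...>" halves, exit markers, signals
        direction = DIRECTION.get(m['name'] or m['resumed'])
        if direction is None:
            continue            # connect, socket, ... carry no byte count
        t, ret = totals[direction], int(m['ret'])
        t['calls'] += 1
        t['seconds'] += float(m['secs'] or 0)
        if ret < 0:
            t['errors'] += 1    # failed call, nothing transferred
        elif 'MSG_PEEK' in QUOTED.sub('', m['args']):
            t['peeked'] += ret  # data stays queued and is returned again by the next recv
        else:
            t['bytes'] += ret
    return dict(totals)

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

Keeping MSG_PEEK reads in a separate counter avoids counting the same 511 bytes twice, and stripping quoted strings first keeps payload text from being mistaken for a flag.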