diff options
| -rwxr-xr-x | bpftrace-checkping | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/bpftrace-checkping b/bpftrace-checkping new file mode 100755 index 0000000..2b99c7b --- /dev/null +++ b/bpftrace-checkping @@ -0,0 +1 @@ +sudo bpftrace -e 'tracepoint:syscalls:sys_enter_execve { $f = str(args->filename); if ($f == "/usr/bin/ping" || $f == "/bin/ping") { printf("PID %d (%s) executed ping\n", pid, comm); } }' |