Skip to content

Network Events POC #4993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Network Events POC #4993

wants to merge 2 commits into from

Conversation

@josedonizetti
Copy link
Collaborator

@josedonizetti josedonizetti commented Oct 22, 2025
edited
Loading 

sudo ./dist/tracee --events=new_net_packet_ipv4
TIME             UID    COMM             PID     TID     RET              EVENT                     ARGS
18:34:52:754072  1000   Chrome_ChildIOT  4039    4044    0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 162, id: 35868, flags: 2, fragOffset: 0, TTL: 64, protocol: 6, checksum: 32939, src: 39.86.168.192, dst: 22.86.168.192
18:34:52:754072  1000   Chrome_ChildIOT  4039    4044    0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 162, id: 32307, flags: 2, fragOffset: 0, TTL: 64, protocol: 6, checksum: 36500, src: 22.86.168.192, dst: 39.86.168.192
18:34:52:754072  1000   Chrome_ChildIOT  4039    4044    0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 52, id: 35869, flags: 2, fragOffset: 0, TTL: 64, protocol: 6, checksum: 33048, src: 39.86.168.192, dst: 22.86.168.192
18:34:53:030095  1000   Chrome_ChildIOT  4039    4044    0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 62, id: 45965, flags: 2, fragOffset: 0, TTL: 64, protocol: 17, checksum: 35051, src: 1.0.0.127, dst: 53.0.0.127
18:34:53:030331  1000   Chrome_ChildIOT  4039    4044    0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 62, id: 43313, flags: 2, fragOffset: 0, TTL: 64, protocol: 17, checksum: 37703, src: 1.0.0.127, dst: 53.0.0.127
18:34:53:030331  101    systemd-resolve  992     992     0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 62, id: 43313, flags: 2, fragOffset: 0, TTL: 64, protocol: 17, checksum: 37703, src: 1.0.0.127, dst: 53.0.0.127
18:34:53:030621  101    systemd-resolve  992     992     0                new_net_packet_ipv4       version: 4, IHL: 5, TOS: 0, length: 73, id: 63329, flags: 0, fragOffset: 0, TTL: 64, protocol: 17, checksum: 21961, src: 39.86.168.192, dst: 1.86.168.192

@NDStrahilevitz
Copy link
Collaborator

FYI a while back rafael tinoco and I introduced a PacketMetadata struct so that we standardize what goes into all net events and separate it from the protocol specific data. So maybe this is a good opportunity to make full use of it (currently it only contains the packet direction).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@josedonizetti josedonizetti

Labels

area/ebpf area/events area/grpc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@josedonizetti @NDStrahilevitz