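#!/usr/sbin/dtrace -s
/*
 * udpsnoop - snoop UDP network packets by process.
 *            Written using DTrace udp Provider.
 *
 * This analyses UDP network packets and prints the responsible PID plus
 * standard details such as IP address and port. This captures traffic
 * from existing and newly created UDP connections. It can help identify
 * which processes are causing UDP traffic.
 *
 * Output columns:
 *   TIME   value of the DTrace timestamp variable divided by 1000, i.e.
 *          microseconds from an arbitrary starting point. It is useful for
 *          ordering and deltas, not as a wall-clock time.
 *   PID    args[1]->cs_pid, the process ID held in the connection state.
 *   LADDR  local address and port, RADDR remote address and port. The
 *          arrow shows direction: "->" sent, "<-" received.
 *   BYTES  args[4]->udp_length as reported by the provider.
 *          NOTE(review): this is presumably the UDP length field, so it
 *          would include the UDP header as well as the payload - confirm
 *          against the provider documentation for the target system.
 *
 * Operational notes:
 *   - The #! line and the #pragma lines must each stay on a line of their
 *     own, otherwise the script can neither be executed directly nor
 *     compiled.
 *   - Running this needs DTrace privileges on the host, and the output
 *     exposes per-process network metadata for every user, so handle
 *     captures accordingly.
 *   - This is a diagnostic view, not a complete audit log: DTrace can drop
 *     records under load, so a packet missing from the output is not proof
 *     that it was never sent or received.
 */

/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 *
 * Portions Copyright 2010 Brendan Gregg
 */

/* Print only what the clauses below emit, without the default probe output. */
#pragma D option quiet
/* Switch buffers ten times a second so lines appear with little delay. */
#pragma D option switchrate=10hz

/* Column header, printed once at startup. */
dtrace:::BEGIN
{
	/*
	 * The gap between the local PORT and RADDR is four characters wide
	 * to match the " -> " / " <- " separator in the data lines, so the
	 * remote columns line up under their headings.
	 */
	printf("%6s %6s %15s:%-5s    %15s:%-5s %6s\n",
	    "TIME", "PID", "LADDR", "PORT", "RADDR", "PORT", "BYTES");
}

/* Outbound datagram: the IP source is the local end. */
udp:::send
{
	printf("%6d %6d %15s:%-5d -> %15s:%-5d %6d\n",
	    timestamp/1000, args[1]->cs_pid,
	    args[2]->ip_saddr, args[4]->udp_sport,
	    args[2]->ip_daddr, args[4]->udp_dport,
	    args[4]->udp_length);
}

/*
 * Inbound datagram: the IP destination is the local end, so the
 * destination fields are printed first to keep LADDR/RADDR consistent
 * with the send clause.
 */
udp:::receive
{
	printf("%6d %6d %15s:%-5d <- %15s:%-5d %6d\n",
	    timestamp/1000, args[1]->cs_pid,
	    args[2]->ip_daddr, args[4]->udp_dport,
	    args[2]->ip_saddr, args[4]->udp_sport,
	    args[4]->udp_length);
}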