Feb 18 2013

I’ve waited for over a decade, but finally – per-process packet tracing on the Mac (Mountain Lion).

For example, here is the traffic that a Python script sends via UDP, and the reply (both Python programs run on the same machine): the first sends “foo”, and the server sends back what it got plus “bar”:

# dtrace -n 'syscall::sendto*:entry /execname == "Python"/ { printf("%s sock=%d sockadd=%x buffer[%d]=%s",execname, arg0, arg4, arg2, copyinstr(arg1) ); }'
dtrace: description 'syscall::sendto*:entry ' matched 2 probes
0 397 sendto:entry Python sock=3 sockadd=0 buffer[3]=foo
3 397 sendto:entry Python sock=4 sockadd=0 buffer[20]=got foo, sending bar

It’s a trivial example, but finally, this is great. DTrace, which looks cosmically cool, has been so useless on the Mac for so long… thanks, Apple!
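To reproduce the traffic in the trace above, here is an added example (not the scripts from the original post, which are not shown) that runs the UDP exchange on loopback. The function names, the single-process layout and the use of `sendto()` on both sides are assumptions.

```python
import socket
import threading

HOST = "127.0.0.1"  # assumed: loopback, since the post only says "same machine"


def serve_once(sock):
    """Receive one datagram and reply with what was received plus 'bar'."""
    data, peer = sock.recvfrom(1024)
    reply = b"got " + data + b", sending bar"
    sock.sendto(reply, peer)  # corresponds to the second sendto line in the trace


def exchange(payload=b"foo", timeout=2.0):
    """Run one request/reply over UDP and return (bytes_sent, reply)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.settimeout(timeout)
    server.bind((HOST, 0))  # port 0: let the kernel pick a free port
    addr = server.getsockname()

    # The post used two separate programs; a thread keeps this self-contained.
    worker = threading.Thread(target=serve_once, args=(server,))
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    try:
        sent = client.sendto(payload, addr)  # first sendto line in the trace
        reply, _ = client.recvfrom(1024)
    finally:
        client.close()
        worker.join()
        server.close()
    return sent, reply


if __name__ == "__main__":
    sent, reply = exchange()
    print("sent %d bytes, reply[%d]=%s" % (sent, len(reply), reply.decode()))
```

Run it in a second terminal while the dtrace one-liner is active; the byte counts it prints should match the buffer lengths in the probe output.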
