{"id":762,"date":"2013-02-18T21:39:39","date_gmt":"2013-02-18T21:39:39","guid":{"rendered":"https:\/\/trouble.org\/?p=762"},"modified":"2013-02-18T21:39:39","modified_gmt":"2013-02-18T21:39:39","slug":"omg-finally","status":"publish","type":"post","link":"https:\/\/trouble.org\/?p=762","title":{"rendered":"OMG, finally!"},"content":{"rendered":"<p>I&#8217;ve waited for a over a decade, but finally &#8211; per process packet tracing on the mac (mountain lion.) <a href=\"https:\/\/trouble.org\/wp-content\/uploads\/2013\/02\/apple-logo-sm.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-764 alignright\" title=\"apple-logo-sm\" src=\"https:\/\/trouble.org\/wp-content\/uploads\/2013\/02\/apple-logo-sm.gif\" alt=\"\" width=\"104\" height=\"128\" \/><\/a><\/p>\n<p>For example, finding out the traffic that a python script sends via UDP and the return (both python programs on the same machine); the first sends &#8220;foo&#8221;, the server sends what it got plus &#8220;bar&#8221;:<\/p>\n<div class=\"codecolorer-container text blackboard\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\"># dtrace -n 'syscall::sendto*:entry \/execname == &quot;Python&quot;\/ { printf(&quot;%s sock=%d sockadd=%x buffer[%d]=%s&quot;,execname, arg0, arg4, arg2, copyinstr(arg1) ); }'<br \/>\ndtrace: description 'syscall::sendto*:entry ' matched 2 probes<br \/>\nCPU ID FUNCTION:NAME<br \/>\n0 397 sendto:entry Python sock=3 sockadd=0 buffer[3]=foo<br \/>\n3 397 sendto:entry Python sock=4 sockadd=0 buffer[20]=got foo, sending bar<\/div><\/div>\n<p>Trivial example but finally, this is great.\u00a0 Dtrace, which looks cosmically cool, has been so useless on the mac for so long&#8230; thanks apple!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve waited for a over a decade, but finally &#8211; per process packet tracing on the mac (mountain lion.) For example, finding out the traffic that a python script sends via UDP and the return (both python programs on the same machine); the first sends &#8220;foo&#8221;, the server sends what it got plus &#8220;bar&#8221;: # [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31,32,6],"tags":[199,337,324,200,202,201,203,204],"class_list":["post-762","post","type-post","status-publish","format-standard","hentry","category-code","category-mac","category-tech","tag-apple","tag-dtrace","tag-mac","tag-mountain-lion","tag-packets","tag-processes","tag-woohoo","tag-woot"],"_links":{"self":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/762","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=762"}],"version-history":[{"count":4,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/762\/revisions"}],"predecessor-version":[{"id":767,"href":"https:\/\/trouble.org\/index.php?rest_route=\/wp\/v2\/posts\/762\/revisions\/767"}],"wp:attachment":[{"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=762"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=762"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trouble.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=762"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}