Reputation: 1367
How can I trace/snoop route changes?
I have a program that changes the routes on my mac. I want to trace what it is doing.
With some dtrace/dtruss, the best I can get is something like:
2455/0x833e: stat64("/sbin/route\0", 0x7FFEE9DB0740, 0x0) = 0 0
But this isn't good enough. I want to know what arguments route is being called with.
I've been doing a log of googling. I found a PDF of a talk (dtrace_workshop01_slides.pdf). It says:
DTrace can snoop route changes live
that'd be nice! But the slides don't say how to do it.
I turned off macOS SIP temporarily, and dtrace seems to work in general. I don't need the solution to be a dtrace solution.
Upvotes: 2
Views: 166
Answers (1)
Reputation: 1367
I stumbled upon /usr/bin/newproc.d script. It's built-in to macOS. It's a big dtrace script.
newproc.d | grep 'ifconfig\|route'
in another shell:
sudo route -n add -net 1.2.3.4/32 192.168.13.1
2021 Sep 7 22:16:55 10460 <10458> 64b route -n add -net 1.2.3.4/32 192.168.13.1
2021 Sep 7 22:17:04 10463 <10462> 64b route -n delete -net 1.2.3.4/32
Upvotes: 2
Related Questions
- How to trace system calls of a program in Mac OS X?
- Mac OSX: Using dtruss?
- When monitoring routing changes with rtnetlink, how can you get a new routes metric?
- Difficulty showing TCP information with dtrace on osx
- How to monitor routing decision on a linux router
- Getting routing table on MACOSX (programmatically)
- Tracing system calls using dtrace
- Debug command route in Linux
- Traceroute for MAC address
- Traceroute in Objective-C