*BSD News Article 88718



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!newsfeed.direct.ca!nntp.portal.ca!news.bc.net!arclight.uoregon.edu!su-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!howland.erols.net!math.ohio-state.edu!jussieu.fr!eurocontrol.fr!polaris.eurocontrol.fr!not-for-mail
From: roberto@eurocontrol.fr (Ollivier Robert)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: tcpdump of ppp?
Date: 7 Feb 1997 16:22:34 GMT
Organization: Eurocontrol EEC, Bretigny, France
Lines: 29
Message-ID: <5dfksa$pkh$3@polaris.eurocontrol.fr>
References: <5d4uuf$113@chronicle.concentric.net> <5d5t5c$m22$1@news1.sympatico.ca> <5dconp$nko@chronicle.concentric.net>
NNTP-Posting-Host: caerdonn.eurocontrol.fr
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsposter: Pnews 4.0-test53 (3 Feb 97)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:35212

    [courtesy cc of this posting sent to cited author via email]

In article <5dconp$nko@chronicle.concentric.net>,
Rick Slater <Slater@cris.com> wrote:
> Thanks for all of the very useful information!  After reading Ollivier
> Robert's post, I was able to rebuild my kernel and get tcpdump to
> work.  I didn't add the ktrace device, though, and wonder what I may
> be missing by not doing so.

The ability to trace binaries for syscall usage.

ktrace some.binary              store syscall info in ktrace.out
kdump                           display all syscalls like in 

 19207 ktrace   RET   ktrace 0
 19207 ktrace   CALL  execve(0xefbfd7cf,0xefbfd72c,0xefbfd734)
 19207 ktrace   NAMI  "./trn"
 19207 trn      RET   execve 0
 19207 trn      CALL  open(0x109c,0,0)
 19207 trn      NAMI  "/usr/libexec/ld.so"
 19207 trn      RET   open 3
 19207 trn      CALL  read(0x3,0xefbfd6d0,0x20)
 19207 trn      GIO   fd 3 read 32 bytes
       "Ì\0\M^FÀ\0Ð\0\0\0 \0\0\0\0\0\0\0\0\0\0 \0\0\0\0\0\0\0\0\0\0\0"
 19207 trn      RET   read 32/0x20

-- 
Ollivier ROBERT   -=- Eurocontrol EEC/TS -=-   Ollivier.Robert@eurocontrol.fr
FreeBSD FAQ: <URL:http://www.FreeBSD.org/FAQ/>
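
Added example, not part of the original post: a small parser that folds kdump records like the ones quoted above into one entry per syscall, so the files a traced binary touches can be listed. The function names are assumptions of this example, it handles only the four record types shown in the post (CALL, RET, NAMI, GIO), and the sample is the post's trace with the GIO payload replaced by a constructed placeholder.

```python
import re

# Constructed sample: the kdump lines quoted in the post, GIO payload replaced.
SAMPLE = """\
 19207 ktrace   RET   ktrace 0
 19207 ktrace   CALL  execve(0xefbfd7cf,0xefbfd72c,0xefbfd734)
 19207 ktrace   NAMI  "./trn"
 19207 trn      RET   execve 0
 19207 trn      CALL  open(0x109c,0,0)
 19207 trn      NAMI  "/usr/libexec/ld.so"
 19207 trn      RET   open 3
 19207 trn      CALL  read(0x3,0xefbfd6d0,0x20)
 19207 trn      GIO   fd 3 read 32 bytes
       "...32 bytes elided..."
 19207 trn      RET   read 32/0x20
"""

LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(CALL|RET|NAMI|GIO)\s+(.*)$")
CALL = re.compile(r"^(\w+)\((.*)\)$")

def parse_kdump(text):
    """Fold CALL/NAMI/RET records into one dict per syscall, tracked per pid."""
    pending, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # GIO payload continuation or a record type not handled here
        pid, comm, kind, data = int(m[1]), m[2], m[3], m[4].strip()
        if kind == "CALL":
            c = CALL.match(data)
            if c:
                pending[pid] = {"pid": pid, "comm": comm, "syscall": c[1], "paths": [],
                                "args": c[2].split(",") if c[2] else [], "ret": None}
        elif kind == "NAMI" and pid in pending:
            pending[pid]["paths"].append(data.strip('"'))
        elif kind == "RET":
            name, _, value = data.partition(" ")
            call = pending.pop(pid, None)
            if call and call["syscall"] == name:
                call["ret"] = value
                done.append(call)
            # a RET with no matching CALL (trace began mid-syscall) is skipped
    return done

def paths_touched(calls):
    """(syscall, path) pairs: the file-system footprint of the traced binary."""
    return [(c["syscall"], p) for c in calls for p in c["paths"]]
```

On the sample, `paths_touched(parse_kdump(SAMPLE))` yields the execve of `./trn` and the open of `/usr/libexec/ld.so`; the leading `RET ktrace 0` has no CALL in the trace and is dropped.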