tracee
[RFC][DRAFT] new network code
This is a draft. There are some issues I'm already aware of, so no full review should be done, please (not yet). BUT, feel free to get familiarized with this if you need/want.
$ sudo ./dist/tracee-ebpf --output format:json -t event=new_net_packet,new_dns_request -t comm=nc,ping
PS: DNS event is not actually a DNS event (yet), just testing things around.
Full tracing (all processes) network probes do not seem to be causing slowdowns in a simple Gbit network:


I'm closing this for a new cleaned/rebased PR.