Os - Process

1 - About

3 - Management

3.1 - Event monitoring

3.1.1 - strace

OS - strace (Interactions between processes and the Linux kernel)

To start and monitor an new process:

strace -f -e trace=network -s 10000 PROCESS ARGUMENTS

To monitor an existing process with a known PID:

strace -p $PID -f -e trace=network -s 10000

3.1.2 - ProcMon

procmon can capture network event. Open the chm file

Process Monitor uses Event Tracing for Windows (ETW) to trace and record TCP and UDP activity. Each network operation includes the source and destination addresses, as well as the amount of data sent or received, but does not include the actual data.

Scripting:

set PM=C:\sysint\procmon.exe

REM ensures that the process detaches from the console window, which allows it to run concurrently with the later commands.
start %PM% /quiet /minimized /backingfile C:\temp\notepad.pml

REM the batch file to pause until the first instance is up and running and actively capturing events. 
%PM% /waitforidle

REM Start application and wait for it to terminate.
start /wait notepad.exe

REM the first instance to stop capturing, commit any outstanding data to the backing file and exit cleanly. 
%PM% /terminate

where Dos - Start Command

os/process.txt ยท Last modified: 2018/09/22 17:23 by gerardnico