Skip to content
/ lomond Public

Named After the Scottish loch, Lomond is a simple example on how to use kprobes in an LKM for learning purposes and gainning a deeper understanding of the Linux kernel.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Assaf-R/lomond

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
Readme.md
Readme.md
 
 
lomond.c
lomond.c
 
 

Repository files navigation

Lomond - Socket connection probe

Who this?

Named After the Scottish loch, Lomond is a simple example on how to use kprobes in an LKM for learning purposes and gainning a deeper understanding of the Linux kernel.

This program creates a kprobe and attaches it to the __sys_connect syscall, every time a connection is made a check will be made if it's an IPv4 socket, and if so the target address and port wil be logged in the kernel logs as such.

[Mon Dec 30 17:48:00 2024] Lomond - connection made - 8.8.8.8:260

Makefile tricks

To compile

make

To load compiled LKM

make i

To remove loaded LKM

make r

To ping google.com once (easy networking check)

make t

To compile, load compiled LKM, and ping google.com

make full

To print kernel logs (dmsg) and filter with our keyword

make d

credits

Written by Assaf R.

About

Named After the Scottish loch, Lomond is a simple example on how to use kprobes in an LKM for learning purposes and gainning a deeper understanding of the Linux kernel.

Topics

linux security linux-kernel lkm kprobes kprobe

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages