Cannot filter for UDP traffic by port / show all event attributes to filter for

[guardiande]

I'd like to filter for UDP traffic to a specific port.

Here's an example:

echo "Hello Sysdig" | socat - udp:host:25827

Output from strace:

connect(5, {sa_family=AF_INET, sin_port=htons(25827), sin_addr=inet_addr("192.168.41.26")}, 16) = 0

Output from sysdig:

$ sysdig -w sysdig.scap proc.name=socat
$ sysdig -r sysdig.scap fd.port=25827           # no output
$ sysdig -r sysdig.scap evt.type=connect     # no relevant parameters of the connect syscall
962 20:51:13.037506893 1 socat (73703) > connect fd=5(<u>)
963 20:51:13.037531607 1 socat (73703) < connect res=-2(ENOENT) tuple=NULL
968 20:51:13.037544491 1 socat (73703) > connect fd=5(<u>)
969 20:51:13.037548948 1 socat (73703) < connect res=-2(ENOENT) tuple=NULL
1113 20:51:13.038145193 1 socat (73703) > connect fd=5(<4>)
1114 20:51:13.038155766 1 socat (73703) < connect res=0 tuple=NULL
1137 20:51:13.042224635 1 socat (73703) > connect fd=5(<4>)
1138 20:51:13.042229328 1 socat (73703) < connect res=0 tuple=NULL

Two questions:

1. How do I filter for UDP traffic on port 25287?
2. How could I output all attributes of an event that I can filter for? E.g. output all attributes of the connect syscall?

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[therealbobo]

Hi @guardiande! It seems to work fine! Could you take a look? 😄

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.