DTrace TCP Provider at CEC 2006

Yesterday at the CEC 2006 conference, Bryan Cantrill and I gave a demonstration of a prototype DTrace tcp provider, which is one of a suggested collection of DTrace network providers. I've just put together a website to list the demonstrations performed - CEC 2006 DTrace TCP.

Below are a couple of examples from the website. tcpio2.d traces TCP traffic and provides IP address, TCP port, TCP payload size and TCP flag information:

# ./tcpio2.d
           LADDR:PORT                 RADDR:PORT   BYTES FLAGS
   192.168.1.185:79     <-    192.168.1.109:56145      0 (SYN)
   192.168.1.185:79     ->    192.168.1.109:56145      0 (SYN|ACK)
   192.168.1.185:79     <-    192.168.1.109:56145      0 (ACK)
   192.168.1.185:79     <-    192.168.1.109:56145      2 (PUSH|ACK)
   192.168.1.185:79     ->    192.168.1.109:56145      0 (ACK)
   192.168.1.185:79     ->    192.168.1.109:56145    126 (PUSH|ACK)
   192.168.1.185:79     <-    192.168.1.109:56145      0 (ACK)
   192.168.1.185:79     ->    192.168.1.109:56145      0 (FIN|ACK)
   192.168.1.185:79     <-    192.168.1.109:56145      0 (ACK)
   192.168.1.185:79     <-    192.168.1.109:56145      0 (FIN|ACK)
   192.168.1.185:79     ->    192.168.1.109:56145      0 (ACK)
\^C

And tcpaccept2.d aggregates inbound connections by hostname and service name,

# ./tcpaccept2.d
dtrace: script './tcpaccept2.d' matched 1 probe
Tracing... Hit Ctrl-C to end.
\^C
   HOSTNAME                   PORT        COUNT
   marlin6                    finger          1
   bass                       login           2
   marlin                     ssh             2
   marlin                     telnet          2
   marlin                     finger          3

The source to these scripts and numerous other demonstrations are on the website. Check DTrace discuss for discussions about this prototype provider.

Comments:

Post a Comment:
Comments are closed for this entry.
About

Brendan Gregg, Fishworks engineer

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today