tcpwdist.d revision 1
 * tcpwdist.d - simple TCP write distribution by process.
 * Written in DTrace (Solaris 10 3/05).
 *
 * This measures the size of writes from applications to the TCP level, which
 * may well be much larger than the MTU size (this is application writes not
 * packet writes). It can help identify which process is creating network
 * traffic, and the size of the writes by that application. It uses a simple
 * probe that produces meaningful output for most protocols.
 *
 * Tracking TCP activity by process is complex for a number of reasons,
 * the greatest is that inbound TCP traffic is asynchronous to the process.
 * The easiest TCP traffic to match is writes, which this script demonstrates.
 * However there are still issues - for an inbound telnet connection the
 * writes are associated with the command, for example "ls -l", not something
 * meaningful such as "in.telnetd".
 *
 * Scripts that match TCP traffic properly include tcpsnoop and tcptop.
 *
 * $Id: tcpwdist.d 3 2007-08-01 10:50:08Z brendan $
 *
 * USAGE: tcpwdist.d # wait several seconds, then hit Ctrl-C
 *
 * PID process ID
 * CMD command and argument list
 * value TCP write payload size in bytes
 * count number of writes
 *
 * SEE ALSO: tcpsnoop, tcptop
 *
 * COPYRIGHT: Copyright (c) 2005, 2006 Brendan Gregg.
 *
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at Docs/cddl1.txt
 *
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * CDDL HEADER END
 *
 * 09-Jul-2004 Brendan Gregg Created this.
 * 14-Jun-2005 " " Rewrote this as tcpwdist.d.
 * 20-Apr-2006 " " Last update.

 * Print header

 * Process TCP Write
/* fetch details */
/* store details */

 * Print final report