tcptop - display top TCP network packets by process. Uses DTrace. tcptop [-Ch] [-j|-Z] [interval [count]] This analyses TCP network packets and prints the responsible PID and UID, plus standard details such as IP address and port. This captures traffic of newly created TCP connections that were established while this program was running. It can help identify which processes is causing TCP traffic. Since this uses DTrace, only the root user or users with the dtrace_kernel privilege can run this command. Solaris 10 3/05 unstable - this script uses fbt provider probes which may change for future updates of the OS, invalidating this script. Please read Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.

-C don't clear the screen

-j print project IDs

-Z print zone IDs

interval sample seconds between refreshing the screen

count number of samples

Print a report every 5 seconds, # tcptop

Don't clear the screen, scrolling output, # tcptop -C

Print project IDs, # tcptop -j

Print zone IDs, # tcptop -Z

UID user ID

PID process ID

CMD command name

LADDR local IP address

RADDR remote IP address

LPORT local port number

RPORT remote port number

SIZE packet size, bytes

load 1 minute load average

TCPin total TCP inbound payload data

TCPout total TCP outbound payload data

ZONE zone ID

PROJ project ID

See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with verbose descriptions explaining the output. tcptop will print reports until Ctrl-C is hit, or the specified count is reached. Brendan Gregg [Sydney, Australia] tcpsnoop(1M), dtrace(1M)