#!/usr/sbin/dtrace -s
/*
 * tcpwdist.d - simple TCP write distribution by process.
 *              Written in DTrace (Solaris 10 3/05).
 *
 * This measures the size of writes from applications to the TCP level, which
 * may well be much larger than the MTU size (this is application writes not
 * packet writes). It can help identify which process is creating network
 * traffic, and the size of the writes by that application. It uses a simple
 * probe that produces meaningful output for most protocols.
 *
 * Tracking TCP activity by process is complex for a number of reasons,
 * the greatest being that inbound TCP traffic is asynchronous to the process.
 * The easiest TCP traffic to match is writes, which this script demonstrates.
 * However, there are still issues - for an inbound telnet connection the
 * writes are associated with the command, for example "ls -l", not something
 * meaningful such as "in.telnetd".
 *
 * Scripts that match TCP traffic properly include tcpsnoop and tcptop.
 *
 * $Id: tcpwdist.d 3 2007-08-01 10:50:08Z brendan $
 *
 * USAGE:       tcpwdist.d          # wait several seconds, then hit Ctrl-C
 *
 * FIELDS:
 *		PID	process ID
 *		CMD	command and argument list
 *		value	TCP write payload size in bytes
 *		count	number of writes
 *
 * SEE ALSO:	tcpsnoop, tcptop
 *
 * COPYRIGHT: Copyright (c) 2005, 2006 Brendan Gregg.
 *
 * CDDL HEADER START
 *
 *  The contents of this file are subject to the terms of the
 *  Common Development and Distribution License, Version 1.0 only
 *  (the "License").  You may not use this file except in compliance
 *  with the License.
 *
 *  You can obtain a copy of the license at Docs/cddl1.txt
 *  or http://www.opensolaris.org/os/licensing.
 *  See the License for the specific language governing permissions
 *  and limitations under the License.
 *
 * CDDL HEADER END
 *
 * 09-Jul-2004	Brendan Gregg	Created this.
 * 14-Jun-2005	   "      "	Rewrote this as tcpwdist.d.
 * 20-Apr-2006	   "      "	Last update.
 */
/* Quiet mode: emit only what the clauses in this script print explicitly. */
#pragma D option quiet

/*
 * Startup banner: fires once when tracing starts and tells the operator
 * how to stop the run and obtain the report.
 */
dtrace:::BEGIN
{
	printf("Tracing... Hit Ctrl-C to end.\n");
}
/*
 * Record one TCP write.
 *
 * Fires on entry to the kernel's tcp_output() via the fbt provider, sizes
 * the message passed as the second argument with msgdsize(), and adds that
 * size to a power-of-two histogram keyed by process ID and argument string.
 *
 * NOTE(review): pid and curpsinfo describe whichever process is current
 * when the probe fires, so the attribution is best-effort (the file header
 * gives the inbound-telnet case) - corroborate with another source before
 * treating the report as evidence of which program generated traffic.
 * NOTE(review): fbt probes follow the kernel implementation rather than a
 * stable interface, and this script was written against Solaris 10 3/05 -
 * confirm tcp_output and its argument order on the release being traced.
 * NOTE(review): pr_psargs is the command line, which can carry secrets
 * passed as arguments; handle captured reports accordingly.
 */
fbt:ip:tcp_output:entry
{
	@Size[pid, curpsinfo->pr_psargs] = quantize(msgdsize(args[1]));
}
/*
 * Final report: runs when tracing ends (Ctrl-C) and prints, for every
 * (PID, command line) key, a heading followed by its write-size
 * distribution.  The command line goes through %S rather than %s so that
 * non-printable bytes in a process-supplied argument string are written as
 * escape sequences instead of reaching the terminal raw.
 */
dtrace:::END
{
	printa(" PID: %-6d CMD: %S\n%@d\n", @Size);
}