1#!/usr/sbin/dtrace -s 2/* 3 * tcpwdist.d - simple TCP write distribution by process. 4 * Written in DTrace (Solaris 10 3/05). 5 * 6 * This measures the size of writes from applications to the TCP level, which 7 * may well be much larger than the MTU size (this is application writes not 8 * packet writes). It can help identify which process is creating network 9 * traffic, and the size of the writes by that application. It uses a simple 10 * probe that produces meaningful output for most protocols. 11 * 12 * Tracking TCP activity by process is complex for a number of reasons, 13 * the greatest is that inbound TCP traffic is asynchronous to the process. 14 * The easiest TCP traffic to match is writes, which this script demonstrates. 15 * However there are still issues - for an inbound telnet connection the 16 * writes are associated with the command, for example "ls -l", not something 17 * meaningful such as "in.telnetd". 18 * 19 * Scripts that match TCP traffic properly include tcpsnoop and tcptop. 20 * 21 * 20-Apr-2006, ver 0.81 22 * 23 * USAGE: tcpwdist.d # wait several seconds, then hit Ctrl-C 24 * 25 * FIELDS: 26 * PID process ID 27 * CMD command and argument list 28 * value TCP write payload size in bytes 29 * count number of writes 30 * 31 * SEE ALSO: tcpsnoop, tcptop 32 * 33 * COPYRIGHT: Copyright (c) 2005, 2006 Brendan Gregg. 34 * 35 * CDDL HEADER START 36 * 37 * The contents of this file are subject to the terms of the 38 * Common Development and Distribution License, Version 1.0 only 39 * (the "License"). You may not use this file except in compliance 40 * with the License. 41 * 42 * You can obtain a copy of the license at Docs/cddl1.txt 43 * or http://www.opensolaris.org/os/licensing. 44 * See the License for the specific language governing permissions 45 * and limitations under the License. 46 * 47 * CDDL HEADER END 48 * 49 * 09-Jul-2004 Brendan Gregg Created this. 50 * 14-Jun-2005 " " Rewrote this as tcpwdist.d. 51 */ 52 53#pragma D option quiet 54 55/* 56 * Print header 57 */ 58dtrace:::BEGIN 59{ 60 printf("Tracing... Hit Ctrl-C to end.\n"); 61} 62 63/* 64 * Process TCP Write 65 */ 66fbt:ip:tcp_output:entry 67{ 68 /* fetch details */ 69 this->size = msgdsize(args[1]); 70 71 /* store details */ 72 @Size[pid, curpsinfo->pr_psargs] = quantize(this->size); 73} 74 75/* 76 * Print final report 77 */ 78dtrace:::END 79{ 80 printa(" PID: %-6d CMD: %S\n%@d\n", @Size); 81} 82