1#!/usr/sbin/dtrace -s
2/*
3 * tcpwdist.d - simple TCP write distribution by process.
4 *              Written in DTrace (Solaris 10 3/05).
5 *
6 * This measures the size of writes from applications to the TCP level, which
7 * may well be much larger than the MTU size (this is application writes not
8 * packet writes). It can help identify which process is creating network
9 * traffic, and the size of the writes by that application. It uses a simple
10 * probe that produces meaningful output for most protocols.
11 *
12 * Tracking TCP activity by process is complex for a number of reasons,
13 * the greatest is that inbound TCP traffic is asynchronous to the process.
14 * The easiest TCP traffic to match is writes, which this script demonstrates.
15 * However there are still issues - for an inbound telnet connection the
16 * writes are associated with the command, for example "ls -l", not something
17 * meaningful such as "in.telnetd".
18 *
19 * Scripts that match TCP traffic properly include tcpsnoop and tcptop.
20 *
21 * 20-Apr-2006, ver 0.81
22 *
23 * USAGE:       tcpwdist.d          # wait several seconds, then hit Ctrl-C
24 *
25 * FIELDS:
26 *		PID	process ID
27 *		CMD	command and argument list
28 *		value	TCP write payload size in bytes
29 *		count	number of writes
30 *
31 * SEE ALSO:	tcpsnoop, tcptop
32 *
33 * COPYRIGHT: Copyright (c) 2005, 2006 Brendan Gregg.
34 *
35 * CDDL HEADER START
36 *
37 *  The contents of this file are subject to the terms of the
38 *  Common Development and Distribution License, Version 1.0 only
39 *  (the "License").  You may not use this file except in compliance
40 *  with the License.
41 *
42 *  You can obtain a copy of the license at Docs/cddl1.txt
43 *  or http://www.opensolaris.org/os/licensing.
44 *  See the License for the specific language governing permissions
45 *  and limitations under the License.
46 *
47 * CDDL HEADER END
48 *
49 * 09-Jul-2004	Brendan Gregg	Created this.
50 * 14-Jun-2005	   "      "	Rewrote this as tcpwdist.d.
51 */
52
53#pragma D option quiet
54
55/*
56 * Print header
57 */
58dtrace:::BEGIN
59{
60	printf("Tracing... Hit Ctrl-C to end.\n");
61}
62
63/*
64 * Process TCP Write
65 */
66fbt:ip:tcp_output:entry
67{
68	/* fetch details */
69	this->size = msgdsize(args[1]);
70
71	/* store details */
72	@Size[pid, curpsinfo->pr_psargs] = quantize(this->size);
73}
74
75/*
76 * Print final report
77 */
78dtrace:::END
79{
80	printa(" PID: %-6d CMD: %S\n%@d\n", @Size);
81}
82