DTrace TCP provider at CEC 2006

05 Oct 2006

I originally posted this at

Yesterday at the CEC 2006 conference, Bryan Cantrill and I gave a demonstration of a prototype DTrace tcp provider that I've been developing, which is one of a suggested collection of DTrace network providers. I've just put together a website to list the demonstrations performed: CEC 2006 DTrace TCP.

Below are a couple of examples from the website. My tcpio2.d tool traces TCP traffic and provides IP address, TCP port, TCP payload size and TCP flag information:

# ./tcpio2.d
           LADDR:PORT                 RADDR:PORT   BYTES FLAGS
     <-      0 (SYN)
     ->      0 (SYN|ACK)
     <-      0 (ACK)
     <-      2 (PUSH|ACK)
     ->      0 (ACK)
     ->    126 (PUSH|ACK)
     <-      0 (ACK)
     ->      0 (FIN|ACK)
     <-      0 (ACK)
     <-      0 (FIN|ACK)
     ->      0 (ACK)

And tcpaccept2.d aggregates inbound connections by hostname and service name:

# ./tcpaccept2.d
dtrace: script './tcpaccept2.d' matched 1 probe
Tracing... Hit Ctrl-C to end.
   HOSTNAME                   PORT        COUNT
   marlin6                    finger          1
   bass                       login           2
   marlin                     ssh             2
   marlin                     telnet          2
   marlin                     finger          3

The source to these scripts and numerous other demonstrations are on the website. Check DTrace discuss for discussions about this prototype provider.