Yesterday at the CEC 2006 conference, Bryan Cantrill and I gave a demonstration of a prototype DTrace tcp provider, which is one of a suggested collection of DTrace network providers. I've just put together a website to list the demonstrations performed: CEC 2006 DTrace TCP.
Below are a couple of examples from the website. tcpio2.d traces TCP traffic and provides IP address, TCP port, TCP payload size and TCP flag information:
# ./tcpio2.d
LADDR:PORT RADDR:PORT BYTES FLAGS
192.168.1.185:79 <- 192.168.1.109:56145 0 (SYN)
192.168.1.185:79 -> 192.168.1.109:56145 0 (SYN|ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 <- 192.168.1.109:56145 2 (PUSH|ACK)
192.168.1.185:79 -> 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 -> 192.168.1.109:56145 126 (PUSH|ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 -> 192.168.1.109:56145 0 (FIN|ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (FIN|ACK)
192.168.1.185:79 -> 192.168.1.109:56145 0 (ACK)
^C
And tcpaccept2.d aggregates inbound connections by hostname and service name:
# ./tcpaccept2.d
dtrace: script './tcpaccept2.d' matched 1 probe
Tracing... Hit Ctrl-C to end.
^C
HOSTNAME PORT COUNT
marlin6 finger 1
bass login 2
marlin ssh 2
marlin telnet 2
marlin finger 3
The source to these scripts and numerous other demonstrations are on the website. Check DTrace discuss for discussions about this prototype provider.
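As an added example (not part of the original post or of the DTrace scripts on the website), the Python below parses tcpio2.d-style output like the sample above and records, per connection, who initiated it, how far the three-way handshake got, the payload bytes in each direction and which sides sent a FIN. The function name, field names and state labels are this example's own.

```python
import re

# Constructed input: the tcpio2.d output shown in the post, copied verbatim.
SAMPLE = """\
LADDR:PORT RADDR:PORT BYTES FLAGS
192.168.1.185:79 <- 192.168.1.109:56145 0 (SYN)
192.168.1.185:79 -> 192.168.1.109:56145 0 (SYN|ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 <- 192.168.1.109:56145 2 (PUSH|ACK)
192.168.1.185:79 -> 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 -> 192.168.1.109:56145 126 (PUSH|ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 -> 192.168.1.109:56145 0 (FIN|ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (ACK)
192.168.1.185:79 <- 192.168.1.109:56145 0 (FIN|ACK)
192.168.1.185:79 -> 192.168.1.109:56145 0 (ACK)
^C
"""

# local:port, direction arrow, remote:port, payload bytes, (FLAG|FLAG)
LINE = re.compile(r"^(\S+:\d+)\s+(<-|->)\s+(\S+:\d+)\s+(\d+)\s+\(([A-Z|]+)\)$")

def summarize(text):
    """Fold tcpio2.d-style lines into one record per local/remote endpoint pair."""
    conns = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # column header, "^C", dtrace banner lines
        local, arrow, remote, nbytes, flagstr = m.groups()
        flags = set(flagstr.split("|"))
        c = conns.setdefault((local, remote), {
            "state": "new", "initiator": None,
            "bytes_in": 0, "bytes_out": 0, "fin_from": set()})
        side = "remote" if arrow == "<-" else "local"  # who sent this segment
        c["bytes_in" if side == "remote" else "bytes_out"] += int(nbytes)
        if flags == {"SYN"}:
            c["state"], c["initiator"] = "syn", side
        elif flags == {"SYN", "ACK"} and c["state"] == "syn" and side != c["initiator"]:
            c["state"] = "syn-ack"
        elif "ACK" in flags and c["state"] == "syn-ack" and side == c["initiator"]:
            c["state"] = "established"
        if "FIN" in flags:
            c["fin_from"].add(side)
    return conns
```

A pair left in the `syn` or `syn-ack` state never completed the three-way handshake, which is the pattern to look for when reviewing inbound connection attempts.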
I caught the demo, very cool stuff. I'm looking forward to BFU archives or even better-- a putback. :)
Thanks for the demo at CEC!
Posted by Matt Ingenthron on October 09, 2006 at 06:12 PM PDT #