mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-11 08:07:30 -04:00
69 lines
1.6 KiB
Plaintext
.TH tcpsnoop.d 1m "$Date: 2015/09/30 22:01:09 $" "USER COMMANDS"
.SH NAME
tcpsnoop.d \- snoop TCP network packets by process. DTrace.
.SH SYNOPSIS
.B tcpsnoop.d
.SH DESCRIPTION
This analyses TCP network packets and prints the responsible PID and UID,
plus standard details such as IP address and port. This captures traffic
of newly created TCP connections that were established while this program
was running. It can help identify which processes are causing TCP traffic.

This is a DTrace only version of "tcpsnoop" - an enhanced program that
provides command line options.

Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
.SH OS
Solaris 10 3/05
.SH STABILITY
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
.SH EXAMPLES
.TP
Default output, snoop TCP network packets with details,
#
.B tcpsnoop.d
.PP
.SH FIELDS
.TP
UID
user ID
.TP
PID
process ID
.TP
CMD
command name
.TP
LADDR
local IP address
.TP
RADDR
remote IP address
.TP
LPORT
local port number
.TP
RPORT
remote port number
.TP
DR
direction
.TP
SIZE
packet size, bytes
.PP
.SH DOCUMENTATION
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
.SH EXIT
tcpsnoop.d will print traffic until Ctrl\-C is hit.
.SH AUTHOR
Brendan Gregg
[Sydney, Australia]
.SH SEE ALSO
tcpsnoop(1M), tcptop(1M), dtrace(1M)