tcpsnoop 1m "$Date: 2015/09/30 22:01:09 $" "USER COMMANDS"
NAME
tcpsnoop - snoop TCP network packets by process. Uses DTrace.
SYNOPSIS
tcpsnoop [-a|hjsvZ] [-n name] [-p pid]
DESCRIPTION
This analyses TCP network packets and prints the responsible PID and UID,
plus standard details such as IP address and port. This captures traffic
of newly created TCP connections that were established while this program
was running. It can help identify which processes are causing TCP traffic.
Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
OS
Solaris Nevada / OpenSolaris, circa late 2007
STABILITY
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
OPTIONS
-a        print all data
-j        print project ID
-s        print time, us
-v        print time, string
-Z        print zone ID
-n name   command name to snoop
-p PID    process ID to snoop
EXAMPLES
Default output, snoop TCP network packets with details,
# tcpsnoop
Print human readable timestamps,
# tcpsnoop -v
Print zonename,
# tcpsnoop -Z
Print sshd traffic only,
# tcpsnoop -n sshd
FIELDS
UID       user ID
PID       process ID
CMD       command name
LADDR     local IP address
RADDR     remote IP address
LPORT     local port number
RPORT     remote port number
DR        direction
SIZE      packet size, bytes
TIME      timestamp, us
STRTIME   human readable timestamp, string
ZONE      zone ID
PROJ      project ID
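One way to turn per-packet output into a per-process summary of remote endpoints, as an added example (not part of the DTraceToolkit). It assumes whitespace-separated columns under a header row that uses the FIELDS names above, and "->" / "<-" as the DR values for outbound and inbound; the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample output (not captured from a real system). The column
# order shown is an assumption; the parser reads it from the header row.
SAMPLE = """\
  UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
    0    242 192.168.1.5        22 <- 192.168.1.1     54224    54 sshd
    0    242 192.168.1.5        22 -> 192.168.1.1     54224   102 sshd
  100  20321 192.168.1.5     33012 -> 203.0.113.7       443   517 curl
  100  20321 192.168.1.5     33012 <- 203.0.113.7       443  1460 curl
  100  20321 192.168.1.5     33012 <- 203.0.113.7       443   890 curl
"""

REQUIRED = ("UID", "PID", "CMD", "RADDR", "RPORT", "DR", "SIZE")

def parse(text):
    """Yield one dict per packet line, keyed by the header's field names."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    missing = [f for f in REQUIRED if f not in header]
    if missing:
        raise ValueError(f"header lacks fields: {missing}")
    if "STRTIME" in header:
        # A human readable timestamp may contain spaces; not handled here.
        raise ValueError("STRTIME column is not supported by this parser")
    for line in lines[1:]:
        cols = line.split()
        if len(cols) != len(header):
            continue  # skip truncated or malformed lines
        yield dict(zip(header, cols))

def summarize(text):
    """Total bytes per (UID, PID, CMD, RADDR, RPORT), split by direction."""
    # Assumed DR values: "->" for outbound, "<-" for inbound.
    totals = defaultdict(lambda: {"->": 0, "<-": 0})
    for rec in parse(text):
        key = (int(rec["UID"]), int(rec["PID"]), rec["CMD"],
               rec["RADDR"], int(rec["RPORT"]))
        if rec["DR"] in totals[key]:
            totals[key][rec["DR"]] += int(rec["SIZE"])
    return {k: dict(v) for k, v in totals.items()}

if __name__ == "__main__":
    for (uid, pid, cmd, raddr, rport), d in sorted(summarize(SAMPLE).items()):
        print(f"{cmd}({pid}) uid={uid} {raddr}:{rport} out={d['->']} in={d['<-']}")
```

Because only connections established while tcpsnoop was running are captured, totals for long-lived connections that predate the trace will be absent from the summary.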
DOCUMENTATION
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
EXIT
tcpsnoop will print traffic until Ctrl-C is hit.
AUTHOR
Brendan Gregg
[Sydney, Australia]
SEE ALSO
tcptop(1M), dtrace(1M)