tcptracer(8)                System Manager's Manual               tcptracer(8)

NAME

       tcptracer - Trace TCP established connections. Uses Linux eBPF/bcc.

SYNOPSIS

       tcptracer [-h] [-v] [-p PID] [-N NETNS]

DESCRIPTION

       This tool traces established TCP connections that open and close while
       tracing, and prints a line of output per connect, accept and close
       event. This includes the type of event, PID, IP addresses and ports.

       This tool works by using kernel dynamic tracing, and will need to be
       updated if the kernel implementation changes. Only established TCP
       connections are traced, so it is expected that the overhead of this
       tool is rather low.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bcc.

OPTIONS

       -h     Print usage message.

       -v     Print full lines, with long event type names and network
              namespace numbers.

       -p PID Trace this process ID only (filtered in-kernel).

       -N NETNS
              Trace this network namespace only (filtered in-kernel).

EXAMPLES

       Trace all TCP established connections:
              # tcptracer

       Trace all TCP established connections with verbose lines:
              # tcptracer -v

       Trace PID 181 only:
              # tcptracer -p 181

       Trace connections in network namespace 4026531969 only:
              # tcptracer -N 4026531969

FIELDS

       TYPE   Type of event. In non-verbose mode: C for connect, A for accept,
              X for close.

       PID    Process ID

       COMM   Process name

       IP     IP address family (4 or 6)

       SADDR  Source IP address.

       DADDR  Destination IP address.

       SPORT  Source port.

       DPORT  Destination port.

       NETNS  Network namespace where the event originated.
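
       Added example (not part of the original man page or the bcc project):
       a Python parser for non-verbose output that pairs connect/accept lines
       with close lines to list connections still open, and counts outbound
       connects per process. The sample lines are constructed; the column
       order is assumed to follow the FIELDS list above, and close lines are
       assumed to repeat the addresses and ports of the opening line.

```python
from collections import Counter

# Constructed sample (not captured output). Column order is assumed to follow
# the FIELDS list above: TYPE PID COMM IP SADDR DADDR SPORT DPORT.
SAMPLE = """\
T  PID    COMM             IP SADDR            DADDR            SPORT  DPORT
C  3101   curl             4  192.0.2.10       203.0.113.7      41000  443
A  812    sshd             4  192.0.2.10       198.51.100.23    22     50122
X  3101   curl             4  192.0.2.10       203.0.113.7      41000  443
C  4420   Web Content      4  192.0.2.10       203.0.113.7      41002  443
"""

def parse_events(text):
    """Return one dict per C/A/X line; header and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] not in ("C", "A", "X") or not f[1].isdigit():
            continue
        ip, saddr, daddr, sport, dport = f[-5:]
        if ip not in ("4", "6") or not (sport.isdigit() and dport.isdigit()):
            continue
        # COMM may contain spaces, so it is whatever sits between PID and IP.
        events.append({"type": f[0], "pid": int(f[1]), "comm": " ".join(f[2:-5]),
                       "ip": int(ip), "saddr": saddr, "daddr": daddr,
                       "sport": int(sport), "dport": int(dport)})
    return events

def still_open(events):
    """Connections opened (C or A) during the trace that have no matching X yet."""
    live = {}
    for e in events:
        # PID is left out of the key: the closing process may differ from the opener.
        key = (e["ip"], e["saddr"], e["daddr"], e["sport"], e["dport"])
        if e["type"] == "X":
            live.pop(key, None)  # tolerate a close whose open was not recorded
        else:
            live[key] = e
    return list(live.values())

def outbound_summary(events):
    """Count connect (C) events per (COMM, DADDR, DPORT)."""
    return Counter((e["comm"], e["daddr"], e["dport"]) for e in events if e["type"] == "C")

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for e in still_open(evs):
        print("open:", e["type"], e["pid"], e["comm"], e["daddr"], e["dport"])
    for (comm, daddr, dport), n in outbound_summary(evs).items():
        print("connect:", comm, daddr, dport, n)
```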

OVERHEAD

       This traces the kernel inet accept function, and the TCP connect,
       close, and set state functions. However, it only prints information for
       connections that are established, so it shouldn't have a huge overhead.

       As always, test and understand this tool's overhead for your types of
       workloads before production use.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file
       containing example usage, output, and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Iago López Galeiras

SEE ALSO

       tcpaccept(8), tcpconnect(8), tcptop(8), tcplife(8)



USER COMMANDS                     2017-03-27                      tcptracer(8)