tcpaccept(8)                System Manager's Manual               tcpaccept(8)

NAME

       tcpaccept - Trace TCP passive connections (accept()). Uses Linux
       eBPF/bcc.

SYNOPSIS

       tcpaccept [-h] [-t] [-x] [-p PID]

DESCRIPTION

       This tool traces passive TCP connections (e.g., via an accept() syscall;
       connect() calls are active connections). This can be useful for general
       troubleshooting to see what new connections the local server is accepting.

       This uses dynamic tracing of the kernel inet_csk_accept() socket function
       (from tcp_prot.accept), and will need to be modified to match kernel
       changes.

       This tool only traces successful TCP accept()s. Connection attempts to
       closed ports will not be shown (those can be traced via other functions).

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bcc.

OPTIONS

       -h     Print usage message.

       -t     Include a timestamp column.

       -p PID Trace this process ID only (filtered in-kernel).

EXAMPLES

       Trace all passive TCP connections (accept()s):
              # tcpaccept

       Trace all TCP accepts, and include timestamps:
              # tcpaccept -t

       Trace PID 181 only:
              # tcpaccept -p 181

FIELDS

       TIME(s)
              Time of the event, in seconds.

       PID    Process ID

       COMM   Process name

       IP     IP address family (4 or 6)

       RADDR  Remote IP address.

       LADDR  Local IP address.

       LPORT  Local port
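
       Added example, not part of the bcc distribution: a Python filter that
       parses the columns listed above by their header row, so it works with or
       without -t, and reports accepts whose (COMM, LPORT) pair is not on an
       expected list. The EXPECTED set, the sample rows and all addresses are
       constructed for illustration.

```python
"""Report accepted TCP connections outside an expected (COMM, LPORT) list."""
import sys

# Assumption: the services this host is meant to expose.
EXPECTED = {("sshd", 22), ("nginx", 443)}

# Constructed sample in the column order of FIELDS (documentation addresses).
SAMPLE = """\
TIME(s)  PID    COMM         IP RADDR            LADDR            LPORT
0.000    907    sshd         4  192.0.2.10       198.51.100.5     22
0.572    4502   nginx        4  203.0.113.7      198.51.100.5     443
1.204    6123   dev server   6  2001:db8::9      2001:db8::1      8000
"""


def parse(lines):
    """Yield one dict per event, keyed by the names in the header row."""
    header = None
    for line in lines:
        cols = line.split()
        if header is None:
            if {"PID", "COMM", "LPORT"} <= set(cols):
                header = cols
                before = header.index("COMM")      # columns left of COMM
                after = len(header) - before - 1   # columns right of COMM
            continue
        if len(cols) < len(header):
            continue  # blank or truncated line
        # COMM may contain spaces: rejoin whatever sits between the fixed columns.
        comm = " ".join(cols[before:len(cols) - after])
        fields = cols[:before] + [comm] + cols[len(cols) - after:]
        yield dict(zip(header, fields))


def unexpected(events, expected=EXPECTED):
    """Return events whose (COMM, LPORT) pair is not in the expected set."""
    return [e for e in events if (e["COMM"], int(e["LPORT"])) not in expected]


if __name__ == "__main__":
    # Reads tcpaccept output on stdin; falls back to the sample on a terminal.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for e in unexpected(parse(source)):
        print("unexpected accept: pid=%(PID)s comm=%(COMM)s from %(RADDR)s "
              "to %(LADDR)s port %(LPORT)s" % e)
```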

OVERHEAD

       This traces the kernel inet_csk_accept function and prints output for
       each event. The rate of this depends on your server application. If it
       is a web or proxy server accepting many tens of thousands of connections
       per second, then the overhead of this tool may be measurable (although,
       still a lot better than tracing every packet). If it is less than a
       thousand a second, then the overhead is expected to be negligible. Test
       and understand this overhead before use.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file
       containing example usage, output, and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       tcpconnect(8), funccount(8), tcpdump(8)

USER COMMANDS                     2015-08-25                      tcpaccept(8)