1tcpconnect(8)               System Manager's Manual              tcpconnect(8)
2
3
4

NAME

6       tcpconnect.bt  -  Trace  TCP active connections (connect()). Uses Linux
7       bpftrace/eBPF
8

SYNOPSIS

10       tcpconnect.bt
11

DESCRIPTION

13       This tool traces active TCP connections (eg, via a  connect()  syscall;
14       accept() are passive connections). This can be useful for general trou‐
15       bleshooting to see what connections are initiated by the local server.
16
17       All connection attempts are traced, even if they ultimately fail.
18
19       This works by tracing the kernel tcp_v4_connect() and  tcp_v6_connect()
20       functions  using  dynamic  tracing, and will need updating to match any
21       changes to these functions.
22
23       Since this uses BPF, only the root user can use this tool.
24

REQUIREMENTS

26       CONFIG_BPF and bpftrace.
27

EXAMPLES

29       Trace all active TCP connections:
30              # tcpconnect.bt
31
32
33       FIELDS
34
35       TIME(s)
36              Time of the call, in HH:MM:SS format.
37
38       PID    Process ID
39
40       COMM   Process name
41
42       SADDR  Source IP address.
43
44       SPORT  Source port.
45
46       DADDR  Destination IP address.
47
48       DPORT  Destination port
49

OVERHEAD

51       This traces the kernel tcp_v[46]_connect functions  and  prints  output
52       for  each event. As the rate of this is generally expected to be low (<
53       1000/s), the overhead is also expected to be negligible. If you have an
54       application that is calling a high rate of connects()s, such as a proxy
55       server, then test and understand this overhead before use.
56

SOURCE

58       This is from bpftrace
59
60              https://github.com/iovisor/bpftrace
61
62       Also look in the bpftrace distribution for  a  companion  _examples.txt
63       file containing example usage, output, and commentary for this tool.
64
65       This  is  a  bpftrace version of the bcc tool of the same name. The bcc
66       tool may provide more options and customizations.
67
68              https://github.com/iovisor/bcc
69

OS

71       Linux
72

STABILITY

74       Unstable - in development.
75

AUTHOR

77       Brendan Gregg, adapted for bpftrace by Dale Hamel
78

SEE ALSO

80       tcpaccept(8), funccount(8), tcpdump(8)
81
82
83
84USER COMMANDS                     2018-11-24                     tcpconnect(8)
Impressum