1tcpdrop(8) System Manager's Manual tcpdrop(8)
2
6 tcpdrop - Trace kernel-based TCP packet drops with details. Uses Linux
7 eBPF/bcc.
8
10 tcpdrop [-4 | -6] [-h]
11
13 This tool traces TCP packets or segments that were dropped by the ker‐
14 nel, and shows details from the IP and TCP headers, the socket state,
15 and the kernel stack trace. This is useful for debugging cases of high
16 kernel drops, which can cause timer-based retransmits and performance
17 issues.
18 This tool works using dynamic tracing of the tcp_drop() kernel func‐
20 tion, which requires a recent kernel version.
21 Since this uses BPF, only the root user can use this tool.
23
25 CONFIG_BPF and bcc.
26
28 -4 Trace IPv4 family only.
29 -6 Trace IPv6 family only.
31 -h Print usage message.
33
35 Trace kernel-based TCP packet drops with details:
36 # tcpdrop
37 Trace IPv4 family only:
39 # tcpdrop -4
40 Trace IPv6 family only:
42 # tcpdrop -6
43
45 TIME Time of the drop, in HH:MM:SS format.
46 PID Process ID that was on-CPU during the drop. This may be unre‐
48 lated, as drops can occur on the receive interrupt and be unre‐
49 lated to the PID that was interrupted.
50 IP IP address family (4 or 6)
52 SADDR Source IP address.
54 SPORT Source TCP port.
56 DADDR Destination IP address.
58 DPORT Destionation TCP port.
60 STATE TCP session state ("ESTABLISHED", etc).
62 FLAGS TCP flags ("SYN", etc).
64
66 This traces the kernel tcp_drop() function, which should be low fre‐
67 quency, and therefore the overhead of this tool should be negligible.
68 As always, test and understand this tools overhead for your types of
70 workloads before production use.
71
73 This is from bcc.
74 https://github.com/iovisor/bcc
76 Also look in the bcc distribution for a companion _examples.txt file
78 containing example usage, output, and commentary for this tool.
79
81 Linux
82
84 Unstable - in development.
85
87 Brendan Gregg
88
90 tcplife(8), tcpaccept(8), tcpconnect(8), tcptop(8)
91USER COMMANDS 2018-05-30 tcpdrop(8)