1 The following is a demonstration of the tcpwdist.d script.
4 Here the tcpwdist.d script is run for a few seconds then Ctrl-C is hit,
7 Tracing... Hit Ctrl-C to end.
9 PID: 15300 CMD: finger @mars\0
11 value ------------- Distribution ------------- count
13 0 |@@@@@@@@@@@@@@@@@@@@ 1
15 2 |@@@@@@@@@@@@@@@@@@@@ 1
18 PID: 4967 CMD: /usr/lib/ssh/sshd\0
20 value ------------- Distribution ------------- count
22 32 |@@@@@@@@@@@@@@@@@@@@ 1
23 64 |@@@@@@@@@@@@@@@@@@@@ 1
26 PID: 9172 CMD: /usr/lib/ssh/sshd\0
28 value ------------- Distribution ------------- count
31 64 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 14
37 PID: 15301 CMD: rcp 1Mb.gz mars:/tmp\0
39 value ------------- Distribution ------------- count
55 16384 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 64
58 In the above output we can see the "rcp" command dominates, sending
59 large writes (16 to 31 Kb) 64 times. The "sshd" ssh daemons each sent
60 several smaller writes, from 32 to 127 bytes - which corresponds to
61 command line activity (eg, screen width of 80 bytes). The finger command
62 sent 2 bytes once, and zero data bytes once.
64 These values are the TCP write payload sizes.
66 The writes from the "rcp" command seem unusual at over 16 Kb each, when
67 this is an Ethernet network with an MTU of 1500 bytes. The reason is that
68 at this point the data has not yet been broken down into MTU sized packets,
69 so we are looking at the applications behaviour as it writes to TCP.