.TH tcpsnoop 1m "$Date:: 2007-10-04 #$" "USER COMMANDS"
tcpsnoop \- snoop TCP network packets by process. Uses DTrace.
[\-a|hjsvZ] [\-n name] [\-p pid]
This analyses TCP network packets and prints the responsible PID and UID,
plus standard details such as IP address and port. This captures traffic
of newly created TCP connections that were established while this program
was running. It can help identify which process is causing TCP traffic.
Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
Solaris Nevada / OpenSolaris, circa late 2007
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
Default output, snoop TCP network packets with details,
Print human readable timestamps,
Print sshd traffic only,
human readable timestamp, string
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
tcpsnoop will print traffic until Ctrl\-C is hit.
tcptop(1M), dtrace(1M)