Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

[FreeBSD/stable/10.git] / cddl / contrib / dtracetoolkit / Examples / tcpsnoop_example.txt

The following is a demonstration of the tcpsnoop program.



Here we run tcpsnoop and wait for new TCP connections to be established,

   # tcpsnoop
     UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    66 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    56 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79   606 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    78 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    78 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    63 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    72 in.telnetd
   [...]

As new connections are made, each of the TCP packets are traced along with
the UID, PID and command name.



tcpsnoop has many options, for example here we use "-v" to print times,

   # tcpsnoop -v
   STRTIME                UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 <- 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 -> 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 <- 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 <- 192.168.1.1     49001    56 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 -> 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 -> 192.168.1.1     49001   444 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 -> 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 <- 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 <- 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 <- 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 -> 192.168.1.1     49001    54 in.fingerd
   [...]