.TH tcpsnoop.d 1m "$Date:: 2007-10-04 #$" "USER COMMANDS"
.SH NAME
tcpsnoop.d \- snoop TCP network packets by process. DTrace.
.SH SYNOPSIS
.B tcpsnoop.d
.SH DESCRIPTION
This analyses TCP network packets and prints the responsible PID and UID,
plus standard details such as IP address and port. This captures traffic
of newly created TCP connections that were established while this program
was running. It can help identify which processes are causing TCP traffic.
.PP
This is a DTrace-only version of "tcpsnoop" - an enhanced program that
provides command line options.
.PP
Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
.SH OS
Solaris Nevada / OpenSolaris, circa late 2007
.SH STABILITY
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
.SH EXAMPLES
.TP
Default output, snoop TCP network packets with details,
#
.B tcpsnoop.d
.PP
.SH FIELDS
.TP
UID
user ID
.TP
PID
process ID
.TP
CMD
command name
.TP
LADDR
local IP address
.TP
RADDR
remote IP address
.TP
LPORT
local port number
.TP
RPORT
remote port number
.TP
DR
direction
.TP
SIZE
packet size, bytes
.PP
.SH DOCUMENTATION
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
.SH EXIT
tcpsnoop.d will print traffic until Ctrl\-C is hit.
.SH AUTHOR
Brendan Gregg
[Sydney, Australia]
.SH SEE ALSO
tcpsnoop(1M), tcptop(1M), dtrace(1M)