tcpstat [-cmnrt] [-a address[,address...]] [-A address[,address...]] [-d d|u] [-i interface[ ,interface...]] [-i pid[ ,pid]] [-l nlines] [-p port[,port... ]] [-P port[ ,port...]] [-s key | -S key] [-u R|K|M|G|T|P] [-x opt[ =val][,opt[=val]...]] [-z zonename[,zonename... ]] [interval [count]]
The tcpstat utility gathers and reports statistics on TCP and UDP traffic based on the selected output mode and sort order. tcpstat provides options to gather and report statistics only on traffic matching specified source or destination address, interface, process ID, source or destination port, and zonename.
The following options are supported:
Filter on source address.
Filter on destination address.
Print new reports below previous reports instead of overprinting them.
Print a timestamp for each report in either standard date format (-d d) or in seconds since epoch, that is, Unix time (-d u).
Filter on pid.
The number of lines of data to output per report.
Produce machine-parsable output.
Show network addresses as numbers. Do not resolve IP addresses to hostnames.
Filter on port name.
Only display data for packets being received.
Sort in ascending (–S) or descending (–s) order by key, where the keys are as follows:
zone - zonename
pid - process ID
proto - transport-layer protocol
source - source IP address
sport - source port
dest - destination IP address
dport - destination port
bytes - amount of data
By default, the data is sorted in descending order by bytes.
Only display data for packets being transmitted.
If used, allows choosing the unit in which to display all statistics, for example, R: raw count, K: Kilobits, M:Megabits, T: Terabits, P: Petabits. If not used, then different units, as appropriate, are used to display the statistics, using the format xy.zU, where x, y, and z are numbers and U is the appropriate unit.
Specify which transport-layer protocol to display. The acceptable options are tcp or udp. By default, data is displayed for all supported transport-layer protocols.
Enable or modify a DTrace runtime option or D compiler option. The full list of options is found in dtrace(1M). For this utility, the aggsize and aggrate options will be most useful. The utility will display an error message similar to the following if you need to modify one of these options:
Data dropped. Consider using '-x aggsize=8k' option.
The default for aggsize is 512k. The default for aggrate is 1Hz.
Filters on zonename.
The following list defines the column headings and the meanings of an tcpstat report:
The name of the zone associated with this network traffic.
The process ID associated with this network traffic.
The protocol associated with this network traffic.
The source IP address or hostname associated with this network traffic.
The source port associated with this network traffic.
The destination IP address or hostname associated with this network traffic.
The destination port associated with this network traffic.
The rate of network traffic over the sampling interval. In regular output, the rate is reported in bytes (no suffix), kilobytes (K), megabytes (M), gigabytes(G), terabytes (T), or petabytes(P) per second. In machine-parsable output, the rate is given in bytes per second. The –u option can be used to specify a fixed unit for this number.
The following operands are supported:
Specifies the number of times that the statistics are to be repeated. By default, tcpstat reports statistics until a termination signal is received.
Specifies the sampling interval in seconds; the default interval is 5 seconds.
The following exit values are returned:
Successful completion.
An error occurred.
The following command reports the five most active traffic flows.
$ ./tcpstat -l 5 ZONE PID PROTO SADDR SPORT DADDR DPORT BYTES global 28919 TCP duff.cs.uni.edu 65398 adc-twvpn-1.orac 443 33.0 zone1 6940 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 zone1 6940 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 global 8350 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 global 8350 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 Total: bytes in: 16.0 bytes out: 49.0Example 2 Displaying a Timestamp
The following command reports the top network traffic with a timestamp in standard date format. New reports are printed below previous reports, and the interval is set to ten seconds.
$ ./tcpstat -d d -c 10 Saturday, March 31, 2012 07:48:05 AM EDT ZONE PID PROTO SADDR SPORT DADDR DPORT BYTES global 2372 TCP heineken.splat.u 58094 rmdc-proxy.oracl 80 37.0 zone1 6940 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 zone1 6940 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 global 8350 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 global 8350 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 Total: bytes in: 16.0 bytes out: 53.0Example 3 Specifying a DTrace Runtime Option
The following command sets the DTrace runtime option aggsize to 1K. As this is too small for the collected data, an error is displayed to indicate that data has been dropped.
$ ./tcpstat -x aggsize=1k -c 1 Please wait... ZONE PID PROTO SADDR SPORT DADDR DPORT BYTES zone1 6940 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 global 8350 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 global 8350 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 Data dropped. Consider using '-x aggsize=2k' option. Total: bytes in: 0.0 bytes out: 0.0Example 4 Generating Machine-Parsable Output
The following command displays the data in one-second intervals in a machine-parsable format with a Unix-format timestamp.
$ ./tcpstat -d u -m 1 timestamp:1333144286 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:44403:21083 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:59012:3136 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:37122:925 global:TCP:2372:harp.blat.uni.edu:59012:adc-proxy.oracle.com:80:670 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:64848:478 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:43355:425 global:TCP:2372:harp.blat.uni.edu:37122:adc-proxy.oracle.com:80:414 global:TCP:2372:harp.blat.uni.edu:44403:adc-proxy.oracle.com:80:403 zone1:TCP:6940:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 zone1:TCP:6940:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 global:TCP:8350:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 global:TCP:8350:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 total:TCP:26063:1503 timestamp:1333144287 zone1:TCP:6940:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 zone1:TCP:6940:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 global:TCP:8350:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 global:TCP:8350:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 total:16:16
See attributes(5) for descriptions of the following attributes:
|
The data presented are not sampled data. The values represent an accurate count of the network traffic. In the event that data are dropped, an error message will be displayed to indicate this.