Who is Connecting to What

Combining the previous two examples produces a useful one-liner that quickly identifies who is connecting to what. It counts accepted connections, keyed by remote address and local port:

# dtrace -n 'tcp:::accept-established \
{ @[args[3]->tcps_raddr, args[3]->tcps_lport] = count(); }' 
dtrace: description 'tcp:::state-change' matched 1 probes
^C

  192.0.2.35/27                                       40648                1
  fe80::214:4fff:fe8d:59aa                              22                1
  192.0.2.14/27                                         22                3

The preceding output shows there were three TCP connections from 192.0.2.14/27 to port 22 (ssh).
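
As an added example (not part of the original page), the following Python script post-processes the aggregation output shown above: it totals accepted connections per local port and lists rows whose local port is outside an expected set. The `EXPECTED_PORTS` set and the function names are assumptions for illustration; the sample input is the output above, embedded inline.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the aggregation output shown above, banner included.
SAMPLE = """\
dtrace: description 'tcp:::state-change' matched 1 probes
^C

  192.0.2.35/27                                       40648                1
  fe80::214:4fff:fe8d:59aa                              22                1
  192.0.2.14/27                                         22                3
"""

EXPECTED_PORTS = {22}  # assumption: the only service this host should offer


def parse_aggregation(text):
    """Yield (remote_ip, local_port, count) from dtrace aggregation output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue  # banner, ^C, blank lines, anything malformed
        try:
            # ip_interface accepts both bare addresses and addr/prefix forms
            remote = ipaddress.ip_interface(fields[0]).ip
        except ValueError:
            continue
        yield remote, int(fields[1]), int(fields[2])


def summarize(text, expected_ports=EXPECTED_PORTS):
    """Return (connections per local port, rows on unexpected ports)."""
    per_port = defaultdict(int)
    unexpected = []
    for remote, port, count in parse_aggregation(text):
        per_port[port] += count
        if port not in expected_ports:
            unexpected.append((str(remote), port, count))
    return dict(per_port), unexpected


if __name__ == "__main__":
    per_port, unexpected = summarize(SAMPLE)
    for port, total in sorted(per_port.items()):
        print(f"port {port}: {total} accepted connection(s)")
    for remote, port, count in unexpected:
        print(f"unexpected local port: {remote} -> {port} ({count})")
```

Because `tcp:::accept-established` fires for inbound connections, a row on a port outside the expected set indicates a listener on this host that is accepting connections.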