path: root/Man/man1m/tcpsnoop_snv.1m
Diffstat (limited to 'Man/man1m/tcpsnoop_snv.1m')
-rw-r--r-- Man/man1m/tcpsnoop_snv.1m 116
1 files changed, 116 insertions, 0 deletions
diff --git a/Man/man1m/tcpsnoop_snv.1m b/Man/man1m/tcpsnoop_snv.1m
new file mode 100644
index 000000000000..36e880d78317
--- /dev/null
+++ b/Man/man1m/tcpsnoop_snv.1m
@@ -0,0 +1,116 @@
+.TH tcpsnoop 1m "$Date:: 2007-10-04 #$" "USER COMMANDS"
+.SH NAME
+tcpsnoop \- snoop TCP network packets by process. Uses DTrace.
+.SH SYNOPSIS
+.B tcpsnoop
+[\-a|hjsvZ] [\-n name] [\-p pid]
+.SH DESCRIPTION
+This analyses TCP network packets and prints the responsible PID and UID,
+plus standard details such as IP address and port. This captures traffic
+of newly created TCP connections that were established while this program
+was running. It can help identify which processes is causing TCP traffic.
+
+Since this uses DTrace, only the root user or users with the
+dtrace_kernel privilege can run this command.
+.SH OS
+Solaris Nevada / OpenSolaris, circa late 2007
+.SH STABILITY
+unstable - this script uses fbt provider probes which may change for
+future updates of the OS, invalidating this script. Please read
+Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
+.SH OPTIONS
+.TP
+\-a
+print all data
+.TP
+\-j
+print project ID
+.TP
+\-s
+print time, us
+.TP
+\-v
+print time, string
+.TP
+\-Z
+print zone ID
+.TP
+\-n name
+command name to snoop
+.TP
+\-p PID
+process ID to snoop
+.PP
+.SH EXAMPLES
+.TP
+Default output, snoop TCP network packets with details,
+#
+.B tcpsnoop
+.TP
+Print human readable timestamps,
+#
+.B tcpsnoop
+\-v
+.TP
+Print zonename,
+#
+.B tcpsnoop
+\-Z
+.TP
+Print sshd traffic only,
+#
+.B tcpsnoop
+\-n sshd
+.PP
+.SH FIELDS
+.TP
+UID
+user ID
+.TP
+PID
+process ID
+.TP
+CMD
+command name
+.TP
+LADDR
+local IP address
+.TP
+RADDR
+remote IP address
+.TP
+LPORT
+local port number
+.TP
+RPORT
+remote port number
+.TP
+DR
+direction
+.TP
+SIZE
+packet size, bytes
+.TP
+TIME
+timestamp, us
+.TP
+STRTIME
+human readable timestamp, string
+.TP
+ZONE
+zone ID
+.TP
+PROJ
+project ID
+.PP
+.SH DOCUMENTATION
+See the DTraceToolkit for further documentation under the
+Docs directory. The DTraceToolkit docs may include full worked
+examples with verbose descriptions explaining the output.
+.SH EXIT
+tcpsnoop will print traffic until Ctrl\-C is hit.
+.SH AUTHOR
+Brendan Gregg
+[Sydney, Australia]
+.SH SEE ALSO
+tcptop(1M), dtrace(1M)
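
Review bot: The SYNOPSIS line `[\-a|hjsvZ] [\-n name] [\-p pid]` advertises an `\-h` flag that the OPTIONS section never documents; add a `.TP` entry for it or drop it from the synopsis. The same line writes `\-p pid` while OPTIONS writes `\-p PID`, so the argument name should be made consistent. In DESCRIPTION, "which processes is causing TCP traffic" should read "which process is causing" (or "which processes are causing"). The `\-Z` example is captioned "Print zonename" while both OPTIONS and FIELDS describe it as "zone ID"; state which one the column actually holds. The `.TH` title is `tcpsnoop` although the file is installed as `tcpsnoop_snv.1m`, and it labels section 1m as "USER COMMANDS" while SEE ALSO cites `tcptop(1M)` and `dtrace(1M)`; since DESCRIPTION says only root or users with the dtrace_kernel privilege can run the command, the header should be checked against that. The `.PP` lines directly before `.SH EXAMPLES`, `.SH FIELDS` and `.SH DOCUMENTATION` are redundant and can be dropped.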