path: root/Man/man1m/tcpsnoop_snv.1m

.TH tcpsnoop 1m  "$Date:: 2007-10-04 #$" "USER COMMANDS"
.SH NAME
tcpsnoop \- snoop TCP network packets by process. Uses DTrace.
.SH SYNOPSIS
.B tcpsnoop
[\-a|hjsvZ] [\-n name] [\-p pid]
.SH DESCRIPTION
This analyses TCP network packets and prints the responsible PID and UID,
plus standard details such as IP address and port. This captures traffic
of newly created TCP connections that were established while this program
was running. It can help identify which processes is causing TCP traffic.

Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
.SH OS
Solaris Nevada / OpenSolaris, circa late 2007
.SH STABILITY
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
.SH OPTIONS
.TP
\-a
print all data
.TP
\-j
print project ID
.TP
\-s
print time, us
.TP
\-v
print time, string
.TP
\-Z
print zone ID
.TP
\-n name
command name to snoop
.TP
\-p PID
process ID to snoop
.PP
.SH EXAMPLES
.TP
Default output, snoop TCP network packets with details,
# 
.B tcpsnoop
.TP
Print human readable timestamps,
#
.B tcpsnoop
\-v
.TP
Print zonename,
#
.B tcpsnoop
\-Z
.TP
Print sshd traffic only,
#
.B tcpsnoop
\-n sshd
.PP
.SH FIELDS
.TP
UID
user ID
.TP
PID
process ID
.TP
CMD
command name
.TP
LADDR
local IP address
.TP
RADDR
remote IP address
.TP
LPORT
local port number
.TP
RPORT
remote port number
.TP
DR
direction
.TP
SIZE
packet size, bytes
.TP
TIME
timestamp, us
.TP
STRTIME
human readable timestamp, string
.TP
ZONE
zone ID
.TP
PROJ
project ID
.PP
.SH DOCUMENTATION
See the DTraceToolkit for further documentation under the 
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
.SH EXIT
tcpsnoop will print traffic until Ctrl\-C is hit.
.SH AUTHOR
Brendan Gregg
[Sydney, Australia]
.SH SEE ALSO
tcptop(1M), dtrace(1M)