tcpstat(1m) - report statistics on TCP and UDP traffic
-
System Administration Commands tcpstat(1M) NAME tcpstat - report statistics on TCP and UDP traffic SYNOPSIS tcpstat [-cmnrt] [-a address[,address...]] [-A address[,address...]] [-d d|u] [-i interface[,interface...]] [-i pid[,pid]] [-l nlines] [-p port[,port...]] [-P port[,port...]] [-s key | -S key] -T protocol[,protocol... [-u R|K|M|G|T|P] [-x opt[=val][,opt[=val]...]] [-z zonename[,zonename...]] [interval [count]] DESCRIPTION The tcpstat utility gathers and reports statistics on TCP and UDP traf- fic based on the selected output mode and sort order. tcpstat pro- vides options to gather and report statistics only on traffic matching specified source or destination address, interface, process ID, source or destination port, and zonename. OPTIONS The following options are supported: -a address[,address...] Filter on source address. -A address[,address...] Filter on destination address. -c Print new reports below previous reports instead of overprinting them. -d d|u Print a timestamp for each report in either standard date format (-d d) or in seconds since epoch, that is, Unix time (-d u). -i pid[,pid...] Filter on pid. -l nlines The number of lines of data to output per report. -m Produce machine-parsable output. -n Show network addresses as numbers. Do not resolve IP addresses to hostnames. -p port[,port...] Filter on port name. -r Only display data for packets being received. -s key | -S key Sort in ascending (-S) or descending (-s) order by key, where the keys are as fol- lows: o zone - zonename o pid - process ID o proto - transport-layer proto- col o source - source IP address o sport - source port o dest - destination IP address o dport - destination port o bytes - amount of data By default, the data is sorted in descend- ing order by bytes. -t Only display data for packets being trans- mitted. -u R|K|M|G|T|P If used, allows choosing the unit in which to display all statistics, for example, R: raw count, K: Kilobits, M:Megabits, T: Terabits, P: Petabits. If not used, then different units, as appropriate, are used to display the sta- tistics, using the format xy.zU, where x, y, and z are numbers and U is the appro- priate unit. -T protocol[,protocol...] Specify which transport-layer protocol to display. The acceptable options are tcp or udp. By default, data is displayed for all supported transport-layer protocols. -x opt=val[,opt=val] Enable or modify a DTrace runtime option or D compiler option. The full list of options is found in dtrace(1M). For this utility, the aggsize and aggrate options will be most useful. The utility will dis- play an error message similar to the fol- lowing if you need to modify one of these options: Data dropped. Consider using '-x aggsize=8k' option. The default for aggsize is 512k. The default for aggrate is 1Hz. -z zonename[,zonename...] Filters on zonename. OUTPUT The following list defines the column headings and the meanings of an tcpstat report: ZONE The name of the zone associated with this network traffic. PID The process ID associated with this network traffic. PROTO The protocol associated with this network traffic. SADDR The source IP address or hostname associated with this network traffic. SPORT The source port associated with this network traffic. DADDR The destination IP address or hostname associated with this network traffic. DPORT The destination port associated with this network traffic. BYTES The rate of network traffic over the sampling interval. In regular output, the rate is reported in bytes (no suffix), kilobytes (K), megabytes (M), gigabytes(G), terabytes (T), or petabytes(P) per second. In machine-parsable output, the rate is given in bytes per second. The -u option can be used to specify a fixed unit for this number. OPERANDS The following operands are supported: count Specifies the number of times that the statistics are to be repeated. By default, tcpstat reports statistics until a termination signal is received. interval Specifies the sampling interval in seconds; the default interval is 5 seconds. EXIT STATUS The following exit values are returned: 0 Successful completion. 1 An error occurred. EXAMPLES Example 1 Reporting the Five Most Active Traffic Flows The following command reports the five most active traffic flows. $ ./tcpstat -l 5 ZONE PID PROTO SADDR SPORT DADDR DPORT BYTES global 28919 TCP duff.cs.uni.edu 65398 adc-twvpn-1.orac 443 33.0 zone1 6940 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 zone1 6940 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 global 8350 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 global 8350 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 Total: bytes in: 16.0 bytes out: 49.0 Example 2 Displaying a Timestamp The following command reports the top network traffic with a timestamp in standard date format. New reports are printed below previous reports, and the interval is set to ten seconds. $ ./tcpstat -d d -c 10 Saturday, March 31, 2012 07:48:05 AM EDT ZONE PID PROTO SADDR SPORT DADDR DPORT BYTES global 2372 TCP heineken.splat.u 58094 rmdc-proxy.oracl 80 37.0 zone1 6940 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 zone1 6940 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 global 8350 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 global 8350 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 Total: bytes in: 16.0 bytes out: 53.0 Example 3 Specifying a DTrace Runtime Option The following command sets the DTrace runtime option aggsize to 1K. As this is too small for the collected data, an error is displayed to indicate that data has been dropped. $ ./tcpstat -x aggsize=1k -c 1 Please wait... ZONE PID PROTO SADDR SPORT DADDR DPORT BYTES zone1 6940 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 global 8350 TCP duff-dry.cs.uni. 6868 duff.cs.uni.edu 61318 8.0 global 8350 TCP duff.cs.uni.edu 61318 duff-dry.cs.uni. 6868 8.0 Data dropped. Consider using '-x aggsize=2k' option. Total: bytes in: 0.0 bytes out: 0.0 Example 4 Generating Machine-Parsable Output The following command displays the data in one-second intervals in a machine-parsable format with a Unix-format timestamp. $ ./tcpstat -d u -m 1 timestamp:1333144286 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:44403:21083 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:59012:3136 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:37122:925 global:TCP:2372:harp.blat.uni.edu:59012:adc-proxy.oracle.com:80:670 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:64848:478 global:TCP:2372:adc-proxy.oracle.com:80:harp.blat.uni.edu:43355:425 global:TCP:2372:harp.blat.uni.edu:37122:adc-proxy.oracle.com:80:414 global:TCP:2372:harp.blat.uni.edu:44403:adc-proxy.oracle.com:80:403 zone1:TCP:6940:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 zone1:TCP:6940:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 global:TCP:8350:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 global:TCP:8350:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 total:TCP:26063:1503 timestamp:1333144287 zone1:TCP:6940:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 zone1:TCP:6940:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 global:TCP:8350:duff-dry.cs.uni.edu:6868:duff.cs.uni.edu:61318:8 global:TCP:8350:duff.cs.uni.edu:61318:duff-dry.cs.uni.edu:6868:8 total:16:16 ATTRIBUTES See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availibility |system/core-os | +-----------------------------+-----------------------------+ SEE ALSO dtrace(1M), ipstat(1M) NOTES The data presented are not sampled data. The values represent an accu- rate count of the network traffic. In the event that data are dropped, an error message will be displayed to indicate this. SunOS 5.11SunOS 5.11 6 Mar 2015 tcpstat(1M)
© Lightnetics 2024