Skip to content

Instantly share code, notes, and snippets.

@balta2ar

balta2ar/nettop-tcp.stp

Created August 20, 2016 18:49
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save balta2ar/3d8070deccdbac569b4d3fab1de00f9b to your computer and use it in GitHub Desktop.
Save balta2ar/3d8070deccdbac569b4d3fab1de00f9b to your computer and use it in GitHub Desktop.
Download ZIP
SystemTap script that displays top 4 processes that produce TCP traffic (in/out, KBytes)
Raw
nettop-tcp.stp
#! /usr/bin/env stap
global ifxmit, ifrecv
global ifmerged
probe tcp.sendmsg.return
{
if (size > 0) {
ifxmit[pid(), "eth0", execname(), uid()] <<< size
}
}
probe tcp.recvmsg.return
{
if (size > 0) {
ifrecv[pid(), "eth0", execname(), uid()] <<< size
}
}
function print_activity()
{
printf("${color1}%-17s %5s %6s %6s\n",
"Name", "PID", "Up", "Down")
foreach ([pid, dev, exec, uid] in ifrecv) {
ifmerged[pid, dev, exec, uid] += @count(ifrecv[pid,dev,exec,uid]);
}
foreach ([pid, dev, exec, uid] in ifxmit) {
ifmerged[pid, dev, exec, uid] += @count(ifxmit[pid,dev,exec,uid]);
}
counter = 0
foreach ([pid, dev, exec, uid] in ifmerged-) {
n_xmit = @count(ifxmit[pid, dev, exec, uid])
n_recv = @count(ifrecv[pid, dev, exec, uid])
sent = n_xmit ? @sum(ifxmit[pid, dev, exec, uid])/1024 : 0
recv = n_recv ? @sum(ifrecv[pid, dev, exec, uid])/1024 : 0
printf("${color2} %-16s %5d %6d %6d\n",
exec, pid, sent, recv)
counter += 1
if (counter >= 4) {
break
}
}
while (counter < 4) {
print("\n")
counter += 1
}
delete ifxmit
delete ifrecv
delete ifmerged
}
probe timer.ms(1000), end, error
{
print_activity()
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment