Last active
January 1, 2016 18:19
-
-
Save khailey-zz/8183343 to your computer and use it in GitHub Desktop.
get tcp traffic send and receive on a Mac. Was using this to see what programs were saturating my DSL connection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/sbin/dtrace -s | |
| #pragma D option defaultargs | |
| #pragma D option quiet | |
| inline int af_inet = 2; /* AF_INET defined in bsd/sys/socket.h */ | |
| inline int af_inet6 = 30; /* AF_INET6 defined in bsd/sys/socket.h */ | |
| /* would be cool if this worked on the MAC | |
| dtrace -n 'mib:::tcpInDataInorderBytes { @[execname] = sum(args[0]); }' | |
| but mib doesn't seem to be on my Mac 10.8.2 | |
| */ | |
| dtrace:::BEGIN | |
| { TITLE = 10; | |
| title = 0; | |
| walltime=timestamp; | |
| printf("starting up ...\n"); | |
| procs["0"]=" "; | |
| } | |
| /* syscall::connect stuff from Brendan Gregg | |
| http://dtracebook.com/index.php/Network_Lower_Level_Protocols:soconnect.d#Mac_OS_X | |
| */ | |
| syscall::connect*:entry | |
| { | |
| /* assume this is sockaddr_in until we can examine family */ | |
| this->s = (struct sockaddr_in *)copyin(arg1, sizeof (struct sockaddr)); | |
| this->f = this->s->sin_family; | |
| } | |
| syscall::connect*:entry | |
| / this->f == af_inet | |
| / | |
| { | |
| this->a = (uint8_t *)&this->s->sin_addr; | |
| this->addr1 = strjoin(lltostr(this->a[0] + 0ULL), strjoin(".", | |
| strjoin(lltostr(this->a[1] + 0ULL), "."))); | |
| this->addr2 = strjoin(lltostr(this->a[2] + 0ULL), strjoin(".", | |
| lltostr(this->a[3] + 0ULL))); | |
| self->address = strjoin(this->addr1, this->addr2); | |
| self->start = timestamp; | |
| } | |
| syscall::connect*:return | |
| /self->start/ | |
| { | |
| procs[self->address]=execname; | |
| printf(" --> %-16s %s \n", execname, self->address ); | |
| self->address = 0; | |
| self->start = 0; | |
| } | |
| tcp:::send, tcp:::receive | |
| / title == 0 / | |
| { printf(" %9s %8s %8s \n", | |
| "delta" , | |
| "send" , | |
| "recd" | |
| ); | |
| title=TITLE; | |
| } | |
| tcp:::send | |
| { delta=timestamp-walltime; | |
| walltime=timestamp; | |
| printf("send %9d %8d < / %8s %-15s %s\n", | |
| delta/1000, | |
| args[2]->ip_plength - args[4]->tcp_offset, | |
| "", | |
| args[2]->ip_daddr , | |
| curpsinfo->pr_psargs | |
| ); | |
| procs[args[2]->ip_daddr]=curpsinfo->pr_psargs; | |
| title--; | |
| } | |
| tcp:::receive | |
| / args[2]->ip_saddr != "127.0.0.1" && procs[args[2]->ip_saddr] == "" / | |
| { delta=timestamp-walltime; | |
| walltime=timestamp; | |
| printf("recd %9d %8s > \ %-8d %-15s %s (missing proc name) \n", | |
| delta/1000, | |
| "", | |
| args[2]->ip_plength - args[4]->tcp_offset, | |
| args[2]->ip_saddr , | |
| execname | |
| ); | |
| } | |
| tcp:::receive | |
| / args[2]->ip_saddr != "127.0.0.1" && procs[args[2]->ip_saddr] != "" / | |
| { delta=timestamp-walltime; | |
| walltime=timestamp; | |
| printf("recd %9d %8s > \ %-8d %-15s %s\n", | |
| delta/1000, | |
| "", | |
| args[2]->ip_plength - args[4]->tcp_offset, | |
| args[2]->ip_saddr , | |
| procs[args[2]->ip_saddr] | |
| ); | |
| title--; | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment