Demonstrations of tcpstates, the Linux BPF/bcc version.


tcpstates prints TCP state change information, including the duration in each
state as milliseconds. For example, a single TCP session:

# tcpstates
SKADDR           C-PID C-COMM     LADDR           LPORT RADDR           RPORT OLDSTATE    -> NEWSTATE    MS
ffff9fd7e8192000 22384 curl       100.66.100.185  0     52.33.159.26    80    CLOSE       -> SYN_SENT    0.000
ffff9fd7e8192000 0     swapper/5  100.66.100.185  63446 52.33.159.26    80    SYN_SENT    -> ESTABLISHED 1.373
ffff9fd7e8192000 22384 curl       100.66.100.185  63446 52.33.159.26    80    ESTABLISHED -> FIN_WAIT1   176.042
ffff9fd7e8192000 0     swapper/5  100.66.100.185  63446 52.33.159.26    80    FIN_WAIT1   -> FIN_WAIT2   0.536
ffff9fd7e8192000 0     swapper/5  100.66.100.185  63446 52.33.159.26    80    FIN_WAIT2   -> CLOSE       0.006
^C

This showed that the most time was spent in the ESTABLISHED state (which then
transitioned to FIN_WAIT1), which was 176.042 milliseconds.

The first column is the socket address, as the output may include lines from
different sessions interleaved. The next two columns show the current on-CPU
process ID and command name: these may show the process that owns the TCP
session, depending on whether the state change executes synchronously in
process context. If that's not the case, they may show kernel details.


USAGE:

# tcpstates -h
usage: tcpstates [-h] [-T] [-t] [-w] [-s] [-L LOCALPORT] [-D REMOTEPORT]

Trace TCP session state changes and durations

optional arguments:
  -h, --help            show this help message and exit
  -T, --time            include time column on output (HH:MM:SS)
  -t, --timestamp       include timestamp on output (seconds)
  -w, --wide            wide column output (fits IPv6 addresses)
  -s, --csv             comma separated values output
  -L LOCALPORT, --localport LOCALPORT
                        comma-separated list of local ports to trace.
  -D REMOTEPORT, --remoteport REMOTEPORT
                        comma-separated list of remote ports to trace.

examples:
    ./tcpstates                 # trace all TCP state changes
    ./tcpstates -t              # include timestamp column
    ./tcpstates -T              # include time column (HH:MM:SS)
    ./tcpstates -w              # wider colums (fit IPv6)
    ./tcpstates -stT            # csv output, with times & timestamps
    ./tcpstates -L 80           # only trace local port 80
    ./tcpstates -L 80,81        # only trace local ports 80 and 81
    ./tcpstates -D 80           # only trace remote port 80
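
Because lines from different sessions can be interleaved, captured output has
to be grouped by SKADDR before the per-state durations mean anything. The
following is an added example, not part of tcpstates or bcc: a small parser for
the default column layout shown above (no -T, -t or -s), with the MS value
attributed to OLDSTATE. The second socket in the sample is constructed.

```python
from collections import defaultdict

# Constructed sample: the session shown above, interleaved with one made-up row
# for a second socket whose command name contains a space.
SAMPLE = """\
SKADDR C-PID C-COMM LADDR LPORT RADDR RPORT OLDSTATE -> NEWSTATE MS
ffff9fd7e8192000 22384 curl 100.66.100.185 0 52.33.159.26 80 CLOSE -> SYN_SENT 0.000
ffff9fd7e8192000 0 swapper/5 100.66.100.185 63446 52.33.159.26 80 SYN_SENT -> ESTABLISHED 1.373
ffff0000deadbeef 4242 Web Content 10.0.0.5 40000 10.0.0.9 443 ESTABLISHED -> CLOSE_WAIT 5000.250
ffff9fd7e8192000 22384 curl 100.66.100.185 63446 52.33.159.26 80 ESTABLISHED -> FIN_WAIT1 176.042
ffff9fd7e8192000 0 swapper/5 100.66.100.185 63446 52.33.159.26 80 FIN_WAIT1 -> FIN_WAIT2 0.536
ffff9fd7e8192000 0 swapper/5 100.66.100.185 63446 52.33.159.26 80 FIN_WAIT2 -> CLOSE 0.006
^C
"""


def parse_line(line):
    """Parse one tcpstates row; return None for the header, ^C or noise."""
    f = line.split()
    if len(f) < 11 or f[-3] != "->":
        return None
    try:
        # Index from the right so a C-COMM containing spaces stays one field.
        return {"skaddr": f[0], "pid": int(f[1]), "comm": " ".join(f[2:-8]),
                "laddr": f[-8], "lport": int(f[-7]), "raddr": f[-6],
                "rport": int(f[-5]), "old": f[-4], "new": f[-2],
                "ms": float(f[-1])}
    except ValueError:  # header row: "C-PID", "LPORT", "MS" are not numbers
        return None


def time_in_state(text):
    """Map SKADDR -> {state: total ms spent in that state}."""
    sessions = defaultdict(lambda: defaultdict(float))
    for row in filter(None, map(parse_line, text.splitlines())):
        # MS on a row is the time spent in OLDSTATE before the transition.
        sessions[row["skaddr"]][row["old"]] += row["ms"]
    return sessions


def longest_state(text):
    """Map SKADDR -> (state, ms) for the state each socket spent longest in."""
    return {sk: max(st.items(), key=lambda kv: kv[1])
            for sk, st in time_in_state(text).items()}


if __name__ == "__main__":
    for sk, (state, ms) in longest_state(SAMPLE).items():
        print(f"{sk} {state} {ms:.3f} ms")
```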