xref: /netbsd-src/external/cddl/dtracetoolkit/dist/Docs/Examples/tcpsnoop_example.txt (revision c29d51755812ace2e87aeefdb06cb2b4dac7087a)

The following is a demonstration of the tcpsnoop program.



Here we run tcpsnoop and wait for new TCP connections to be established,

   # tcpsnoop
     UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    66 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    56 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79   606 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 -> 192.168.1.1        79    54 finger
     100  20892 192.168.1.5     36398 <- 192.168.1.1        79    54 finger
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    54 inetd
       0    242 192.168.1.5        23 <- 192.168.1.1     54224    78 inetd
       0    242 192.168.1.5        23 -> 192.168.1.1     54224    54 inetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    78 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    57 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    63 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    54 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 <- 192.168.1.1     54224    60 in.telnetd
       0  20893 192.168.1.5        23 -> 192.168.1.1     54224    72 in.telnetd
   [...]

As new connections are made, each of the TCP packets are traced along with
the UID, PID and command name.



tcpsnoop has many options, for example here we use "-v" to print times,

   # tcpsnoop -v
   STRTIME                UID    PID LADDR           LPORT DR RADDR           RPORT  SIZE CMD
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 <- 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 -> 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 <- 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 <- 192.168.1.1     49001    56 inetd
   2005 Jul 11 21:21:19     0    242 192.168.1.5        79 -> 192.168.1.1     49001    54 inetd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 -> 192.168.1.1     49001   444 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 -> 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 <- 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 <- 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 <- 192.168.1.1     49001    54 in.fingerd
   2005 Jul 11 21:21:19     0  23181 192.168.1.5        79 -> 192.168.1.1     49001    54 in.fingerd
   [...]