Demonstrations of tcpstates, the Linux BPF/bcc version.


tcpstates prints TCP state change information, including the duration in each
state as milliseconds. For example, a single TCP session:

# tcpstates
SKADDR           C-PID C-COMM     LADDR           LPORT RADDR           RPORT OLDSTATE    -> NEWSTATE    MS
ffff9fd7e8192000 22384 curl       100.66.100.185  0     52.33.159.26    80    CLOSE       -> SYN_SENT    0.000
ffff9fd7e8192000 0     swapper/5  100.66.100.185  63446 52.33.159.26    80    SYN_SENT    -> ESTABLISHED 1.373
ffff9fd7e8192000 22384 curl       100.66.100.185  63446 52.33.159.26    80    ESTABLISHED -> FIN_WAIT1   176.042
ffff9fd7e8192000 0     swapper/5  100.66.100.185  63446 52.33.159.26    80    FIN_WAIT1   -> FIN_WAIT2   0.536
ffff9fd7e8192000 0     swapper/5  100.66.100.185  63446 52.33.159.26    80    FIN_WAIT2   -> CLOSE       0.006
^C

This showed that the most time was spent in the ESTABLISHED state (which then
transitioned to FIN_WAIT1), which was 176.042 milliseconds.

The first column is the socket address, as the output may include lines from
different sessions interleaved. The next two columns show the current on-CPU
process ID and command name: these may show the process that owns the TCP
session, depending on whether the state change executes synchronously in
process context. If that's not the case, they may show kernel details.


USAGE:

# tcpstates -h
usage: tcpstates.py [-h] [-T] [-t] [-w] [-s] [-L LOCALPORT] [-D REMOTEPORT]
                    [-Y] [-4 | -6]

Trace TCP session state changes and durations

optional arguments:
  -h, --help            show this help message and exit
  -T, --time            include time column on output (HH:MM:SS)
  -t, --timestamp       include timestamp on output (seconds)
  -w, --wide            wide column output (fits IPv6 addresses)
  -s, --csv             comma separated values output
  -L LOCALPORT, --localport LOCALPORT
                        comma-separated list of local ports to trace.
  -D REMOTEPORT, --remoteport REMOTEPORT
                        comma-separated list of remote ports to trace.
  -Y, --journal         log session state changes to the systemd journal
  -4, --ipv4            trace IPv4 family only
  -6, --ipv6            trace IPv6 family only

examples:
    ./tcpstates                 # trace all TCP state changes
    ./tcpstates -t              # include timestamp column
    ./tcpstates -T              # include time column (HH:MM:SS)
    ./tcpstates -w              # wider columns (fit IPv6)
    ./tcpstates -stT            # csv output, with times & timestamps
    ./tcpstates -Y              # log events to the systemd journal
    ./tcpstates -L 80           # only trace local port 80
    ./tcpstates -L 80,81        # only trace local ports 80 and 81
    ./tcpstates -D 80           # only trace remote port 80
    ./tcpstates -4              # trace IPv4 family only
    ./tcpstates -6              # trace IPv6 family only
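

Added example (not part of the original bcc documentation): a Python script
that separates interleaved default-format tcpstates lines by SKADDR, sums MS
per OLDSTATE, and reports each session's owner and longest state. The second
(wget) session in the sample is constructed, and trusting only the
CLOSE -> SYN_SENT line for the owning process is an assumption of this example.

```python
from collections import defaultdict

# Constructed sample: the curl session from the output above, interleaved with
# a made-up second session (wget, documentation-range addresses).
SAMPLE = """\
SKADDR C-PID C-COMM LADDR LPORT RADDR RPORT OLDSTATE -> NEWSTATE MS
ffff9fd7e8192000 22384 curl 100.66.100.185 0 52.33.159.26 80 CLOSE -> SYN_SENT 0.000
ffff9fd7e8193000 1200 wget 192.0.2.10 0 198.51.100.7 443 CLOSE -> SYN_SENT 0.000
ffff9fd7e8192000 0 swapper/5 100.66.100.185 63446 52.33.159.26 80 SYN_SENT -> ESTABLISHED 1.373
ffff9fd7e8193000 0 swapper/2 192.0.2.10 40112 198.51.100.7 443 SYN_SENT -> ESTABLISHED 20.500
ffff9fd7e8192000 22384 curl 100.66.100.185 63446 52.33.159.26 80 ESTABLISHED -> FIN_WAIT1 176.042
ffff9fd7e8192000 0 swapper/5 100.66.100.185 63446 52.33.159.26 80 FIN_WAIT1 -> FIN_WAIT2 0.536
ffff9fd7e8192000 0 swapper/5 100.66.100.185 63446 52.33.159.26 80 FIN_WAIT2 -> CLOSE 0.006
^C
"""

def sessions(text):
    """Group interleaved tcpstates lines into one record per TCP session."""
    live, done = {}, []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 11 or f[0] == "SKADDR" or f[-3] != "->":
            continue  # header, ^C, or any other non-event line
        # Parse from both ends so a C-COMM containing spaces cannot shift fields.
        skaddr, pid, comm = f[0], int(f[1]), " ".join(f[2:-8])
        laddr, lport, raddr, rport, old, _, new, ms = f[-8:]
        s = live.setdefault(skaddr, {"skaddr": skaddr, "owner": None,
                                     "closed": False, "ms": defaultdict(float)})
        s["remote"] = (raddr, int(rport))
        if int(lport):
            s["local"] = (laddr, int(lport))  # LPORT is 0 on the first line
        s["ms"][old] += float(ms)             # MS is the time spent in OLDSTATE
        # Assumption: CLOSE -> SYN_SENT runs inside connect(), i.e. in process
        # context, so only that line's C-PID/C-COMM is trusted as the owner.
        if (old, new) == ("CLOSE", "SYN_SENT"):
            s["owner"] = (pid, comm)
        if new == "CLOSE":                    # session over; SKADDR may be reused
            s["closed"] = True
            done.append(live.pop(skaddr))
    return done + list(live.values())

def longest_state(session):
    """Return (state, ms) for the state the session spent the most time in."""
    return max(session["ms"].items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for s in sessions(SAMPLE):
        print(s["owner"], s["remote"], longest_state(s), "closed" if s["closed"] else "open")
```

Sessions that never reach CLOSE in the capture are returned with closed set to
False, and a server-side socket that never passes through CLOSE -> SYN_SENT is
returned with owner None rather than a guessed process.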