29 lines
1.1 KiB
Plaintext
29 lines
1.1 KiB
Plaintext
Demonstrations of tcpretrans, the Linux bpftrace/eBPF version.
|
|
|
|
|
|
This tool traces the kernel TCP retransmit function to show details of these
|
|
retransmits. For example:
|
|
|
|
# ./tcpretrans.bt
|
|
TIME PID LADDR:LPORT RADDR:RPORT STATE
|
|
01:55:05 0 10.153.223.157:22 69.53.245.40:34619 ESTABLISHED
|
|
01:55:05 0 10.153.223.157:22 69.53.245.40:34619 ESTABLISHED
|
|
01:55:17 0 10.153.223.157:22 69.53.245.40:22957 ESTABLISHED
|
|
[...]
|
|
|
|
This output shows three TCP retransmits, the first two were for an IPv4
|
|
connection from 10.153.223.157 port 22 to 69.53.245.40 port 34619. The TCP
|
|
state was "ESTABLISHED" at the time of the retransmit. The on-CPU PID at the
|
|
time of the retransmit is printed, in this case 0 (the kernel, which will
|
|
be the case most of the time).
|
|
|
|
Retransmits are usually a sign of poor network health, and this tool is
|
|
useful for their investigation. Unlike using tcpdump, this tool has very
|
|
low overhead, as it only traces the retransmit function. It also prints
|
|
additional kernel details: the state of the TCP session at the time of the
|
|
retransmit.
|
|
|
|
USAGE message:
|
|
|
|
# ./tcpretrans.bt
|