Application Level Protocols
From DTraceBook
This chapter uses DTrace for analyzing application level protocols, including NFSv3, NFSv4, CIFS, HTTP, DNS, FTP, iSCSI, FC, SSH, NIS and LDAP.
Sample One-Liners
See the DTrace book for more one-liners.
syscall Provider
HTTP files opened by the httpd server:
dtrace -n 'syscall::open*:entry /execname == "httpd"/ { @[copyinstr(arg0)] = count(); }'
SSH logins by UID and home directory:
dtrace -n 'syscall::chdir:entry /execname == "sshd"/ { printf("UID:%d %s", uid, copyinstr(arg0)); }'
nfsv3 Provider
NFSv3 count of operations by client address:
dtrace -n 'nfsv3:::op-*-start { @[args[0]->ci_remote] = count(); }'
NFSv3 count of operations by file pathname:
dtrace -n 'nfsv3:::op-*-start { @[args[1]->noi_curpath] = count(); }'
cifs Provider
CIFS count of operations by client address:
dtrace -n 'smb:::op-*-start { @[args[0]->ci_remote] = count(); }'
CIFS count of operations by file pathname:
dtrace -n 'smb:::op-*-done { @[args[1]->soi_curpath] = count(); }'
iscsi Provider
iSCSI payload bytes by operation type:
dtrace -n 'iscsi*::: { @[probename] = sum(args[1]->ii_datalen); }'
Scripts
- nfsv3rwsnoop.d
- nfsv3ops.d
- nfsv3fileio.d
- nfsv3rwtime.d
- nfsv3syncwrite.d
- nfsv3commit.d
- nfsv3errors.d
- nfsv3fbtrws.d
- nfsv3disk.d
- nfsv4rwsnoop.d
- nfsv4ops.d
- nfsv4fileio.d
- nfsv4rwtime.d
- nfsv4syncwrite.d
- nfsv4commit.d
- nfsv4errors.d
- nfsv4deleg.d
- cifsrwsnoop.d
- cifsops.d
- cifsfileio.d
- cifsrwtime.d
- cifserrors.d
- cifsfbtnofile.d
- httpclients.d
- httperrors.d
- httpio.d
- httpdurls.d
- weblatency.d
- getaddrinfo.d
- dnsgetname.d
- ftpdxfer.d
- ftpdfileio.d
- proftpdcmd.d
- tnftpdcmd.d
- proftpdtime.d
- proftpdio.d
- iscsiwho.d
- iscsirwsnoop.d
- iscsirwtime.d
- iscsicmds.d
- iscsiterr.d
- fcwho.d
- fcerror.d
- sshcipher.d
- sshdactivity.d
- sshconnect.d
- scpwatcher.d
- nismatch.d
- ldapsyslog.d
Errata
1st printing:
- p415: the line "args[5]->tcps_state, args[3]->tcps_state);" should be the following 2 lines:
      tcp_state_string[args[5]->tcps_state],
      tcp_state_string[args[3]->tcps_state]);
This was updated in Network_Lower_Level_Protocols:tcpstate.d.