> > On Thu, Jun 21, 2018 at 11:51 AM, Schweiss, Chip <c...@innovates.com> > wrote: > >> I have many IPs on my Illumos servers and would like to be able to know >> how much traffic each IP is getting from which clients. >> >> Are there any scripts out there that will break down network traffic via >> source and destination IPs? >> >> tcptop from the old DTraceTookit doesn't seem to work anymore: >> dtrace: failed to compile script /dev/fd/3: Preprocessor not found >> >> -Chip >> >> > *dtrace-discuss* | Archives > <https://www.listbox.com/member/archive/184261/=now> | Modify > <https://www.listbox.com/member/?> Your Subscription > <http://www.listbox.com> >
I think you want to look at the IP provider. It provides probes like 'ip:::receive', and arguments that describe the incoming packet. Regrettably, the only docs I know of are Oracle's: https://docs.oracle.com/cd/E36784_01/html/E36846/glhhr.html I think this one-liner will count the unique (source IP, destination IP) tuples for all received packets: # dtrace -n 'ip:::receive{ @[args[2]->ip_saddr, args[2]->ip_daddr] = count(); }' The DTrace book covers this in some detail. For some reason, the original site for the book is offline, but you can find the scripts here: http://www.brendangregg.com/dtracebook/index.html -- Dave ------------------------------------------- dtrace-discuss Archives: https://www.listbox.com/member/archive/184261/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=25769126 Powered by Listbox: http://www.listbox.com
