    Dtrace for tcp

      I'm looking for Dtrace scripts that collect info on tcp. I found tcpsnoop and tcptop but they both fail:
      dtrace: failed to compile script /dev/fd/11: line 173: failed to resolve : Unknown variable name
      dtrace: failed to compile script /dev/fd/11: line 166: failed to resolve `tcp_g_q: Unknown symbol name
      These are both from [DTraceToolkit-0.99.tar.gz.|http://hub.opensolaris.org/bin/view/Community+Group+dtrace/dtracetoolkit]

      Are there working scripts for this level of Solaris?
      uname -a
      SunOS pdmisspiggy 5.10 Generic_141444-09 sun4v sparc SUNW,SPARC-Enterprise-T5220
      cat /etc/release
                             Solaris 10 5/08 s10s_u5wos_10 SPARC
                 Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
                              Use is subject to license terms.
                                   Assembled 24 March 2008
      Thanks for any insight,

        • 1. Re: Dtrace for tcp
          I've seen no effort to update the network-based scripts since they were first developed.

          I've just pasted here part of the comment section from tcpsnoop:

          # WARNING: This script may only work on Solaris 10 3/05, since it uses the
          # fbt provider to trace the raw operation of a specific version of the kernel.
          # In the future, a 'stable' network provider should exist which will allow
          # this to be written for that and subsequent versions of the kernel. In the
          # meantime, check for other versions of this script in the /Net directory,
          # and read the Notes/ALLfbt_notes.txt for more background on fbt.

          The stable provider referred to is in the works. You can read the projects notes here:

          • 2. Re: Dtrace for tcp


            I did find an updated iosnoop called tcpsnoop_snv that runs in the /Net directory.

            There are notes at http://wikis.sun.com/display/DTrace/tcp+Provider as well.

            • 3. Re: Dtrace for tcp
              Philip Brown
              I wanted to confirm that tcpsnoop_snv is indeed what is needed for newer versions of Solaris.
              Solaris 10 5/08 s10s_u5wos_10 SPARC
              for example.

              Might be nice if the naming/comments for tcpsnoop were updated somehow...