403Webshell
Server IP : 15.235.198.142  /  Your IP : 216.73.216.190
Web Server : Apache/2.4.58 (Ubuntu)
System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64
User : www-data ( 33)
PHP Version : 8.3.6
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /usr/share/doc/bpftrace/examples/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/doc/bpftrace/examples/tcpretrans_example.txt
Demonstrations of tcpretrans, the Linux bpftrace/eBPF version.


This tool traces the kernel TCP retransmit function to show details of these
retransmits. For example:

# ./tcpretrans.bt
TIME     PID               LADDR:LPORT           RADDR:RPORT  STATE
01:55:05 0        10.153.223.157:22       69.53.245.40:34619  ESTABLISHED
01:55:05 0        10.153.223.157:22       69.53.245.40:34619  ESTABLISHED
01:55:17 0        10.153.223.157:22       69.53.245.40:22957  ESTABLISHED
[...]

This output shows three TCP retransmits, the first two were for an IPv4
connection from 10.153.223.157 port 22 to 69.53.245.40 port 34619. The TCP
state was "ESTABLISHED" at the time of the retransmit. The on-CPU PID at the
time of the retransmit is printed, in this case 0 (the kernel, which will
be the case most of the time).

Retransmits are usually a sign of poor network health, and this tool is
useful for their investigation. Unlike using tcpdump, this tool has very
low overhead, as it only traces the retransmit function. It also prints
additional kernel details: the state of the TCP session at the time of the
retransmit.

USAGE message:

# ./tcpretrans.bt

Youez - 2016 - github.com/yon3zu
LinuXploit