> > On Thu, Jun 21, 2018 at 11:51 AM, Schweiss, Chip <[email protected]> > wrote: > >> I have many IPs on my Illumos servers and would like to be able to know >> how much traffic each IP is getting from which clients. >> >> Are there any scripts out there that will break down network traffic via >> source and destination IPs? >> >> tcptop from the old DTraceTookit doesn't seem to work anymore: >> dtrace: failed to compile script /dev/fd/3: Preprocessor not found >> >> -Chip >> >> > *dtrace-discuss* | Archives > <https://www.listbox.com/member/archive/184261/=now> | Modify > <https://www.listbox.com/member/?member_id=21483086> Your Subscription > <http://www.listbox.com> >
I think you want to look at the IP provider. It provides probes like 'ip:::receive', and arguments that describe the incoming packet. Regrettably, the only docs I know of are Oracle's: https://docs.oracle.com/cd/E36784_01/html/E36846/glhhr.html I think this one-liner will count the unique (source IP, destination IP) tuples for all received packets: # dtrace -n 'ip:::receive{ @[args[2]->ip_saddr, args[2]->ip_daddr] = count(); }' The DTrace book covers this in some detail. For some reason, the original site for the book is offline, but you can find the scripts here: http://www.brendangregg.com/dtracebook/index.html -- Dave ------------------------------------------ illumos: illumos-discuss Permalink: https://illumos.topicbox.com/groups/discuss/T6f0bcf0886339381-M3395d6855fc98463563f8d4a Delivery options: https://illumos.topicbox.com/groups
