1Demonstrations of tcpconnlat, the Linux eBPF/bcc version.
2
3
4This tool traces the kernel function performing active TCP connections
5(eg, via a connect() syscall), and shows the latency (time) for the connection
6as measured locally: the time from SYN sent to the response packet.
7For example:
8
9# ./tcpconnlat
10PID    COMM         IP SADDR            DADDR            DPORT LAT(ms)
111201   wget         4  10.153.223.157   23.23.100.231    80    1.65
121201   wget         4  10.153.223.157   23.23.100.231    443   1.60
131433   curl         4  10.153.223.157   104.20.25.153    80    0.75
141690   wget         4  10.153.223.157   66.220.156.68    80    1.10
151690   wget         4  10.153.223.157   66.220.156.68    443   0.95
161690   wget         4  10.153.223.157   66.220.156.68    443   0.99
172852   curl         4  10.153.223.157   23.101.17.61     80    250.86
1820337  python2.7    6  1234:ab12:2040:5020:2299:0:5:0 1234:ab12:20:9f1d:2299:dde9:0:f5 7001  62.20
1921588  nc           6  ::1              ::1              80    0.05
20[...]
21
22The first line shows a connection from the "wget" process to the IPv4
23destination address 23.23.100.231, port 80. This took 1.65 milliseconds: the
24time from the SYN to the response.
25
26TCP connection latency is a useful performance measure showing the time taken
27to establish a connection. This typically involves kernel TCP/IP processing
28and the network round trip time, and not application runtime.
29
30tcpconnlat measures the time from any connection to the response packet, even
31if the response is a RST (port closed).
32
33
34USAGE message:
35
36# ./tcpconnlat -h
37usage: tcpconnlat [-h] [-t] [-p PID] [min_ms]
38
39Trace TCP connects and show connection latency
40
41positional arguments:
42  min_ms             minimum duration to trace, in ms (default 0)
43
44optional arguments:
45  -h, --help         show this help message and exit
46  -t, --timestamp    include timestamp on output
47  -p PID, --pid PID  trace this PID only
48
49examples:
50    ./tcpconnlat           # trace all TCP connect()s
51    ./tcpconnlat -t        # include timestamps
52    ./tcpconnlat -p 181    # only trace PID 181
53    ./tcpconnlat 1         # only show connects longer than 1 ms
54    ./tcpconnlat 0.1       # only show connects longer than 100 us
55    ./tcpconnlat -v        # Show the BPF program
56