I've started looking at DTrace - a really wonderful little utility! However, I'm quite the beginner. I got basic traces running without problem, but now I have a task I don't really know how to solve.
I would like to trace the TCP activity for a specific process, i.e. bytes sent/received. I don't know that much about the inner workings of OS X, so I'm a little confused on where to start.
I've found probes such as "tcp::tcp_output:send" and "tcp::tcp_input:receive" - if I trace the output execnames I do get a list that looks pretty accurate in terms of calls/second, however the tcp_input only triggers from kernel_task. Also, I thought I might get the size of the sent data from the arguments, but from what I can see all arguments to those are 0.
To sum it up, I'm just guessing wildly at what I'm doing here - I'm not sure if it's possible to even accomplish this, and if it is, I don't really have any idea what probes I need to watch, or what the format of their arguments is (probably structs containing data, but I haven't found any API documentation I can match to the probes).
I would be very grateful for any hints on what probes might be of use to me (if there are any), and how I can find the documentation for those calls to extract the data I need from the trace.
Any help appreciated!