| tcptop(8) | System Manager's Manual | tcptop(8) |
tcptop - Summarize TCP send/recv throughput by host. Top for TCP.
tcptop [-h] [-C] [-S] [-p PID] [--cgroupmap MAPPATH]
[--mntnsmap MAPPATH] [interval] [count] [-4 | -6]
This is top for TCP sessions.
This summarizes TCP send/receive Kbytes by host, and prints a summary that refreshes, along other system-wide metrics.
This uses dynamic tracing of kernel TCP send/receive functions, and will need to be updated to match kernel changes.
The traced TCP functions are usually called at a lower rate than per-packet functions, and therefore have lower overhead. The traced data is summarized in-kernel using a BPF map to further reduce overhead. At very high TCP event rates, the overhead may still be measurable. See the OVERHEAD section for more details.
Since this uses BPF, only the root user can use this tool.
CONFIG_BPF and bcc.
This traces all send/receives in TCP, high in the TCP/IP stack (close to the application) which are usually called at a lower rate than per-packet functions, lowering overhead. It also summarizes data in-kernel to further reduce overhead. These techniques help, but there may still be measurable overhead at high send/receive rates, eg, ~13% of one CPU at 100k events/sec. use funccount to count the kprobes in the tool to find out this rate, as the overhead is relative to the rate. Some sample production servers tested found total TCP event rates of 4k to 15k per second, and the CPU overhead at these rates ranged from 0.5% to 2.0% of one CPU. If your send/receive rate is low (eg, <1000/sec) then the overhead is expected to be negligible; Test in a lab environment first.
This is from bcc.
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
Linux
Unstable - in development.
Brendan Gregg
top(1) by William LeFebvre
| 2020-03-08 | USER COMMANDS |