Demonstrations of tcpconnlat, the Linux eBPF/bcc version.
This tool traces the kernel function performing active TCP connections
(eg, via a connect() syscall), and shows the latency (time) for the connection
as measured locally: the time from SYN sent to the response packet.
For example:
# ./tcpconnlat
PID COMM IP SADDR DADDR DPORT LAT(ms)
1201 wget 4 10.153.223.157 23.23.100.231 80 1.65
1201 wget 4 10.153.223.157 23.23.100.231 443 1.60
1433 curl 4 10.153.223.157 104.20.25.153 80 0.75
1690 wget 4 10.153.223.157 66.220.156.68 80 1.10
1690 wget 4 10.153.223.157 66.220.156.68 443 0.95
1690 wget 4 10.153.223.157 66.220.156.68 443 0.99
2852 curl 4 10.153.223.157 23.101.17.61 80 250.86
20337 python2.7 6 1234:ab12:2040:5020:2299:0:5:0 1234:ab12:20:9f1d:2299:dde9:0:f5 7001 62.20
21588 nc 6 ::1 ::1 80 0.05
[...]
The first line shows a connection from the "wget" process to the IPv4
destination address 23.23.100.231, port 80. This took 1.65 milliseconds: the
time from the SYN to the response.
TCP connection latency is a useful performance measure showing the time taken
to establish a connection. This typically involves kernel TCP/IP processing
and the network round trip time, and not application runtime.
tcpconnlat measures the time from any connection to the response packet, even
if the response is a RST (port closed).
USAGE message:
# ./tcpconnlat -h
usage: tcpconnlat [-h] [-t] [-p PID] [min_ms]
Trace TCP connects and show connection latency
positional arguments:
min_ms minimum duration to trace, in ms (default 0)
optional arguments:
-h, --help show this help message and exit
-t, --timestamp include timestamp on output
-p PID, --pid PID trace this PID only
examples:
./tcpconnlat # trace all TCP connect()s
./tcpconnlat -t # include timestamps
./tcpconnlat -p 181 # only trace PID 181
./tcpconnlat 1 # only show connects longer than 1 ms
./tcpconnlat 0.1 # only show connects longer than 100 us
./tcpconnlat -v # Show the BPF program