

To get started using DTrace to examine application protocol I/O, follow these steps (the target of each step is in bold):

Try the DTrace one-liners and scripts listed in the sections that follow.

In addition to those DTrace tools, familiarize yourself with existing network statistic tools. For example, you can use nfsstat for NFS statistics, and you can use tcpdump or snoop for packet details including the application protocol. The metrics that these print can be treated as starting points for customization with DTrace.

Locate or write tools to generate known network I/O, which could be as simple as using ftp to transfer a large file of a known size. When testing over NFS and other network shares, regular file system benchmark tools including Filebench can be applied to a mounted share to generate network I/O. It is extremely helpful to have known workloads to examine while developing DTrace scripts.

Check which stable providers exist and are available on your operating system to examine the protocol, such as the nfsv3 provider for examining NFSv3. You can use these to write stable one-liners and scripts that should continue to work for future operating system updates.

If no stable provider is available, first check whether the protocol is kernel-based (for example, most NFS server and client drivers) or user-land-based (for example, the iSCSI daemon iscsitgtd). For kernel-based protocols, check what probes are available in the sdt and fbt providers; for user-land-based protocols, check the pid and syscall providers. Simple ways to check include listing the probes and filtering the list with grep, and frequency counting events while a known workload is running.

If the source code is available, it can be examined to find suitable probe points for either the fbt or pid provider and to see what arguments may be available for these probes. If the source code isn’t available, program flow may be determined by tracing entry and return probes with the flowindent pragma and also by examining stack backtraces.
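The kernel-side survey from the last two steps, written as a D script. This is an added example, not code from the book: it frequency counts a module's fbt entry probes under a known workload and aggregates stack backtraces for a chosen set of functions. The script name, the module name passed as `$1` and the function pattern passed as `$2` are assumptions to replace with your own.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the book): survey a kernel module with the
 * fbt provider while a known workload runs.
 *
 * Assumptions: $1 is the kernel module to survey and $2 is a
 * function-name pattern whose call paths you want to see.
 * Usage (hypothetical file name and arguments):
 *     ./fbtsurvey.d nfs 'nfs3_*'
 */
#pragma D option quiet

dtrace:::BEGIN
{
	printf("Tracing... start the known workload now, Ctrl-C to end.\n");
}

/* Frequency count: which functions in the module fire for this workload? */
fbt:$1::entry
{
	@calls[probefunc] = count();
}

/* Stack backtraces: how are the functions of interest reached? */
fbt:$1:$2:entry
{
	@stacks[probefunc, stack(5)] = count();
}

dtrace:::END
{
	/* Keep only the 25 most frequently called functions. */
	printf("\n%-40s %s\n", "FUNCTION", "COUNT");
	trunc(@calls, 25);
	printa("%-40s %@d\n", @calls);

	/* Keep only the 5 most common call paths. */
	printf("\nMost common call paths:\n");
	trunc(@stacks, 5);
	printa("%s%k  count: %@d\n\n", @stacks);
}
```

Functions whose counts track the size of the known workload are the candidates to read in the source or to trace further with entry and return probes.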

