Try the DTrace one-liners and scripts listed in the sections that follow.

In addition to those DTrace tools, familiarize yourself with existing network statistic tools. For example, netstat -s shows various TCP/IP statistics, netstat -i shows network interface statistics, and you can use tcpdump or snoop for packet details. The metrics that these print can be treated as starting points for customization with DTrace.

Locate or write tools to generate known network I/O, which could be as simple as using ftp to transfer a large file of a known size. Many tools exist to generate TCP and UDP I/O, including ttcp for simple TCP connections and uperf for sophisticated network I/O. It is extremely helpful to have known workloads to examine while developing DTrace scripts.

Customize and write your own one-liners and scripts using the syscall provider for socket I/O.

If available, try the mib, ip, tcp, and udp providers for writing stable one-liners and scripts.

To dig deeper than these providers allow, familiarize yourself with how the kernel and user-land processes call network I/O by examining stack back-traces (see the “fbt Provider” section). Also refer to functional diagrams of the network stack such as the OSI model shown in Figure 6-1 and the network flow diagrams. Refer to published kernel texts such as Solaris Internals (McDougall and Mauro, 2006) and Mac OS X Internals (Singh, 2006).

Examine kernel internals for network I/O by using the fbt provider, and refer to kernel source code (if available). Be aware that scripts using fbt may require maintenance to match updates to the kernel software.