tools/tcpsubnet: add time and time to output, default 0.0.0.0/0, update doc
diff --git a/tools/tcpsubnet_example.txt b/tools/tcpsubnet_example.txt
index e56f886..72a6172 100644
--- a/tools/tcpsubnet_example.txt
+++ b/tools/tcpsubnet_example.txt
@@ -6,8 +6,15 @@
# tcpsubnet
Tracing... Output every 1 secs. Hit Ctrl-C to end
+[03/05/18 22:32:47]
127.0.0.1/32 8
+[03/05/18 22:32:48]
+[03/05/18 22:32:49]
+[03/05/18 22:32:50]
+[03/05/18 22:32:51]
+[03/05/18 22:32:52]
127.0.0.1/32 10
+[03/05/18 22:32:53]
This example output shows the number of bytes sent to 127.0.0.1/32 (the
loopback interface). For demo purposes, I set netcat listening on port
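Review bot: the new sample output prints a timestamp header for every interval, including the five consecutive intervals (22:32:48 through 22:32:52) where nothing was sent, and the explanatory paragraph right after it still describes only the byte counts. Add a sentence here saying that a header with no rows under it means no TCP traffic was sent in that interval, so readers do not mistake the bare timestamps for missing or dropped data.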
@@ -20,6 +27,9 @@
The first line sends 7 digits plus the null character (8 bytes)
The second line sends 9 digits plus the null character (10 bytes)
+Notice also, how tcpsubnet prints a header line with the current date
+and time formatted in the current locale.
+
Try it yourself to get a feeling of how tcpsubnet works.
By default, tcpsubnet will categorize traffic in the following subnets:
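Review bot: the added sentence says the header is "formatted in the current locale", which makes a value like "03/05/18" ambiguous (March 5 or 3 May) and makes output captured on different hosts hard to correlate or sort. Either document the exact format shown in the examples, or consider emitting a fixed, locale-independent format (for example ISO 8601) and stating that here. Minor: "Notice also, how" reads better as "Notice also how".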
@@ -28,7 +38,10 @@
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
+- 0.0.0.0/0
+The last subnet is a catch-all. In other words, anything that doesn't
+match the first 4 defaults will be categorized under 0.0.0.0/0
You can change this default behavoir by passing a comma separated list
of subnets. Let's say we would like to know how much traffic we
are sending to github.com. We first find out what IPs github.com resolves
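Review bot: the added paragraph says anything that does not match "the first 4 defaults" falls under 0.0.0.0/0, which implies that subnets are matched in list order and the first match wins, but this is never stated for user-supplied lists. If that is the behaviour, say so explicitly and advise putting 0.0.0.0/0 last, since a catch-all placed earlier in the list would absorb traffic meant for the more specific subnets. The added sentence is also missing its final period, and the context line just below has "behavoir", which could be fixed in the same pass.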
@@ -43,25 +56,35 @@
# tcpsubnet.py 192.30.253.110/27,0.0.0.0/0
Tracing... Output every 1 secs. Hit Ctrl-C to end
-0.0.0.0/0 3516
-192.30.253.110/27 2501
-192.30.253.110/27 37
-0.0.0.0/0 2037
-192.30.253.110/27 1146
-192.30.253.110/27 12698
+[03/05/18 22:38:58]
+0.0.0.0/0 5780
+192.30.253.110/27 2205
+[03/05/18 22:38:59]
+0.0.0.0/0 2036
+192.30.253.110/27 1183
+[03/05/18 22:39:00]
+[03/05/18 22:39:01]
+192.30.253.110/27 12537
If we would like to be more accurate, we can use the two IPs returned
by dig, Eg:
# tcpsubnet 192.30.253.113/32,192.130.253.112/32,0.0.0.0/0
Tracing... Output every 1 secs. Hit Ctrl-C to end
-0.0.0.0/0 4416
-192.30.253.113/32 230
-0.0.0.0/0 3138
-192.30.253.113/32 1337
-0.0.0.0/0 2537
-0.0.0.0/0 3206
-0.0.0.0/0 12736
+[03/05/18 22:42:56]
+0.0.0.0/0 1177
+192.30.253.113/32 910
+[03/05/18 22:42:57]
+0.0.0.0/0 48704
+192.30.253.113/32 892
+[03/05/18 22:42:58]
+192.30.253.113/32 891
+0.0.0.0/0 858
+[03/05/18 22:42:59]
+0.0.0.0/0 11159
+192.30.253.113/32 894
+[03/05/18 22:43:00]
+0.0.0.0/0 60601
NOTE: When used in production, it is expected that you will have full
information about your network topology. In which case you won't need
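Review bot: in the second regenerated sample the row order inside an interval is not stable: the 22:42:58 block lists 192.30.253.113/32 before 0.0.0.0/0 while every other block lists 0.0.0.0/0 first. Either sort the rows before printing or note in the text that order within an interval is not guaranteed, so nobody parses this output positionally. While the samples are being regenerated, the command line above them passes 192.130.253.112/32 although every other address in the file is in 192.30.253.x, and the first command is invoked as "tcpsubnet.py" while the second uses "tcpsubnet"; both look like leftovers worth correcting.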
@@ -79,9 +102,12 @@
Eg:
# tcpsubnet -fK 0.0.0.0/0
+[03/05/18 22:44:04]
+0.0.0.0/0 1
+[03/05/18 22:44:05]
0.0.0.0/0 5
-0.0.0.0/0 10
-0.0.0.0/0 16
+[03/05/18 22:44:06]
+0.0.0.0/0 31
Just like the majority of the bcc tools, tcpsubnet supports -i and --ebpf
@@ -91,16 +117,17 @@
Last but not least, it supports -J [--json] to print the output in
JSON format. This is handy if you're calling tcpsubnet from another
program (say a nodejs server) and would like to have a structured stdout.
+The output in JSON format will also include the date and time.
Eg:
# tcpsubnet -J -fK 192.130.253.110/27,0.0.0.0/0
-{}
-{"0.0.0.0/0": 3, "192.30.253.110/27": 2}
-{"192.30.253.110/27": 0}
-{"0.0.0.0/0": 1, "192.30.253.110/27": 1}
-{"0.0.0.0/0": 0}
-{"192.30.253.110/27": 13}
-{}
+{"date": "03/05/18", "entries": {"0.0.0.0/0": 2}, "time": "22:46:27"}
+{"date": "03/05/18", "entries": {}, "time": "22:46:28"}
+{"date": "03/05/18", "entries": {}, "time": "22:46:29"}
+{"date": "03/05/18", "entries": {}, "time": "22:46:30"}
+{"date": "03/05/18", "entries": {"192.30.253.110/27": 0}, "time": "22:46:31"}
+{"date": "03/05/18", "entries": {"192.30.253.110/27": 1}, "time": "22:46:32"}
+{"date": "03/05/18", "entries": {"192.30.253.110/27": 18}, "time": "22:46:32"}
USAGE:
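Review bot: the JSON sample changes the shape of each record, moving the per-subnet counters from the top level into an "entries" object, and the only added prose is that the output "will also include the date and time". That is a breaking change for any program already consuming -J output, so the text should describe the new schema ("date", "time", "entries") and call out that the counters have moved. Two further points on the sample itself: the last two records both carry "time": "22:46:32", so either the sample has a typo or consumers must be told that date plus time is not a unique key per interval; and the command is run with 192.130.253.110/27 while the output reports 192.30.253.110/27. A single machine-readable timestamp field (ISO 8601 or epoch seconds) would be easier to consume than two separate display strings.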
@@ -126,7 +153,7 @@
examples:
./tcpsubnet # Trace TCP sent to the default subnets:
# 127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,
- # 192.168.0.0/16
+ # 192.168.0.0/16,0.0.0.0/0
./tcpsubnet -f K # Trace TCP sent to the default subnets
# aggregated in KBytes.
./tcpsubnet 10.80.0.0/24 # Trace TCP sent to 10.80.0.0/24 only