Thus far, I've tried to cover how we probe some of the basic features of TCP using the DTrace TCP provider, touching on connection establishment (measuring connection and first-byte latency), TCP's acknowledgement scheme (measuring acknowledgement latency) and TCP's sliding window model (measuring zero window idle time). Before moving on to more advanced topics, I'd like to look at another basic aspect of TCP's acknowledgement-driven reliability scheme - retransmission.

When TCP sends a segment, a retransmission timer is started. If no acknowledgement is received for that segment before the retransmission timer expires, the segment is assumed lost and is retransmitted. Such retransmission events are easy to pick out using the DTrace provider - the tcps_retransmit field of args[3] (the tcpsinfo_t representing TCP state associated with the connection) will be 1 for tcp:::send events that correspond to a retransmission. The following script monitors how many payload (i.e. non-header) bytes are transmitted and retransmitted for each remote host/port:

    #!/usr/sbin/dtrace -s

    #pragma D option quiet

    /* Payload bytes of every segment sent, retransmissions included. */
    tcp:::send
    / (args[2]->ip_plength - args[4]->tcp_offset) > 0 /
    {
            @transmit[args[2]->ip_daddr, args[4]->tcp_dport] =
                sum(args[2]->ip_plength - args[4]->tcp_offset);
    }

    /* Payload bytes of retransmitted segments only. */
    tcp:::send
    / (args[2]->ip_plength - args[4]->tcp_offset) > 0 &&
        args[3]->tcps_retransmit == 1 /
    {
            @retransmit[args[2]->ip_daddr, args[4]->tcp_dport] =
                sum(args[2]->ip_plength - args[4]->tcp_offset);
    }

    END
    {
            printf("%-25s %-15s %-15s %-15s\n",
                "Remote host", "Port", "BytesSent", "BytesResent");
            printa("%-25s %-15d %@-15d %@-15d\n",
                @transmit, @retransmit);
    }

And here's some sample output showing retransmission events for 212.147.135.190/80 and 87.248.210.254/80 - 1042 bytes out of 4189 and 579 bytes out of 5811 were retransmitted respectively. When the ratio of retransmitted to transmitted bytes is high, further investigation is merited.

    # dtrace -s tcp_retransmit.d
    ^C
    Remote host               Port            BytesSent       BytesResent
    66.102.9.149              80              451             0
    65.242.27.32              80              837             0
    207.123.61.126            80              2558            0
    159.134.196.136           80              2573            0
    216.34.207.180            80              2852            0
    212.147.135.190           80              4189            1042
    87.248.210.254            80              5811            579
    89.207.56.140             80              5922            0
    66.102.9.144              80              9174            0
    82.199.80.141             80              14626           0
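To act on the ratio of retransmitted to transmitted bytes, the report can be post-processed. The following Python is an added example, not part of the original post: it parses the script's four-column output and lists the host/port pairs whose ratio crosses a threshold. The function names, the 5% threshold and the 1000-byte minimum are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample: a few rows in the format printed by tcp_retransmit.d.
SAMPLE = """\
# dtrace -s tcp_retransmit.d
^C
Remote host               Port            BytesSent       BytesResent
66.102.9.149              80              451             0
212.147.135.190           80              4189            1042
87.248.210.254            80              5811            579
82.199.80.141             80              14626           0
"""

def parse_report(text):
    """Return [(host, port, sent, resent)] for each data row of the report."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # blank line, "^C", or the five-word header row
        host, port, sent, resent = fields
        try:
            ipaddress.ip_address(host)  # accepts IPv4 and IPv6 addresses
            rows.append((host, int(port), int(sent), int(resent)))
        except ValueError:
            continue  # e.g. the echoed "# dtrace -s ..." command line
    return rows

def flag_retransmitters(rows, threshold=0.05, min_bytes=1000):
    """Return [(ratio, host, port)] with resent/sent >= threshold, worst first.
    BytesSent already includes resent bytes, so the ratio is at most 1.
    threshold and min_bytes are assumed values; tune them per network."""
    flagged = []
    for host, port, sent, resent in rows:
        if sent <= 0 or sent < min_bytes:
            continue  # too little traffic for the ratio to mean much
        ratio = resent / sent
        if ratio >= threshold:
            flagged.append((ratio, host, port))
    return sorted(flagged, reverse=True)

if __name__ == "__main__":
    for ratio, host, port in flag_retransmitters(parse_report(SAMPLE)):
        print(f"{host}:{port} retransmitted {ratio:.1%} of payload bytes")
```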
