Provided by: bpfcc-tools_0.5.0-5ubuntu1_all

NAME

       tcpaccept - Trace TCP passive connections (accept()). Uses Linux eBPF/bcc.

SYNOPSIS

       tcpaccept [-h] [-t] [-x] [-p PID]

DESCRIPTION

       This tool traces passive TCP connections (e.g., via an accept() syscall; connect() calls are active connections).
       This can be useful for general troubleshooting to see what new connections the local server is accepting.

       This uses dynamic tracing of the kernel inet_csk_accept() socket  function  (from  tcp_prot.accept),  and
       will need to be modified to match kernel changes.

       This  tool  only  traces  successful TCP accept()s. Connection attempts to closed ports will not be shown
       (those can be traced via other functions).

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bcc.

OPTIONS

       -h     Print usage message.

       -t     Include a timestamp column.

       -p PID Trace this process ID only (filtered in-kernel).

EXAMPLES

       Trace all passive TCP connections (accept()s):
              # tcpaccept

       Trace all TCP accepts, and include timestamps:
              # tcpaccept -t

       Trace PID 181 only:
              # tcpaccept -p 181

FIELDS

       TIME(s)
              Time of the event, in seconds.

       PID    Process ID

       COMM   Process name

       IP     IP address family (4 or 6)

       RADDR  Remote IP address.

       LADDR  Local IP address.

       LPORT  Local port
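
       The following is an added example, not part of bcc or of the original page: it parses captured
       "tcpaccept -t" output and flags accepts whose (COMM, LPORT) pair is outside an expected-listener
       baseline. It assumes whitespace-separated columns in the order listed under FIELDS; the names
       Accept, parse_line, unexpected and BASELINE are hypothetical, and the sample rows are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Accept(NamedTuple):
    time: Optional[float]
    pid: int
    comm: str
    ipver: int
    raddr: str
    laddr: str
    lport: int

def parse_line(line, timestamps=True):
    """Parse one output row; return None for headers, blank or malformed rows."""
    tok = line.split()
    if len(tok) < (7 if timestamps else 6):
        return None
    try:
        t = float(tok[0]) if timestamps else None
        rest = tok[1:] if timestamps else tok
        # COMM can contain spaces, so take the four fixed columns from the right.
        ipver, raddr, laddr, lport = rest[-4:]
        comm = " ".join(rest[1:-4])
        ipaddress.ip_address(raddr)  # raises ValueError on a non-address token
        ipaddress.ip_address(laddr)
        return Accept(t, int(rest[0]), comm, int(ipver), raddr, laddr, int(lport))
    except ValueError:
        return None

# Constructed baseline (assumption): process name -> ports it is expected to serve.
BASELINE = {"sshd": {22}, "nginx": {80, 443}}

def unexpected(lines, baseline=BASELINE, timestamps=True):
    """Return the parsed accepts whose (COMM, LPORT) pair is not in the baseline."""
    events = (parse_line(l, timestamps) for l in lines)
    return [e for e in events if e is not None and e.lport not in baseline.get(e.comm, set())]

# Constructed sample of "tcpaccept -t" output (documentation address ranges).
SAMPLE = """\
TIME(s)  PID    COMM         IP RADDR            LADDR            LPORT
0.000    907    sshd         4  192.0.2.10       198.51.100.5     22
0.214    1204   nginx        6  2001:db8::7      2001:db8::1      443
1.530    4411   python3      4  203.0.113.44     198.51.100.5     9001
2.002    5120   my daemon    4  192.0.2.10       198.51.100.5     8080
""".splitlines()

if __name__ == "__main__":
    for e in unexpected(SAMPLE):
        print(f"unexpected accept: pid={e.pid} comm={e.comm!r} {e.raddr} -> {e.laddr}:{e.lport}")
```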

OVERHEAD

       This traces the kernel inet_csk_accept function and prints output for  each  event.   The  rate  of  this
       depends  on  your  server application. If it is a web or proxy server accepting many tens of thousands of
       connections per second, then the overhead of this tool may be measurable (although, still  a  lot  better
       than  tracing  every packet). If it is less than a thousand a second, then the overhead is expected to be
       negligible. Test and understand this overhead before use.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file containing  example  usage,  output,
       and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       tcpconnect(8), funccount(8), tcpdump(8)