Skip to main content
Retis is a powerful eBPF-based packet tracing tool designed to provide deep visibility into the Linux networking stack. It helps you understand what happens to packets as they traverse your system, integrating with control and data paths such as Open vSwitch (OvS) and Netfilter.

Installation

Get Retis running on your system with containers, packages, or from source

Quickstart

Start tracing packets in minutes with a simple example

Commands

Explore the retis command-line interface and subcommands

Collectors

Learn about collectors that gather specific networking data

Why Retis?

Retis aims to provide better visibility on complex single-host topologies and linking useful context. It is designed to be modular in terms of what kind of data is retrieved and where it is retrieved from.

Key Features

eBPF Probes

Operates on “skb-enabled” functions and tracepoints without requiring compilation on the target

Advanced Filtering

Filter by packet content (pcap-filter syntax) or metadata (kernel structure fields)

Packet Tracking

Track and reconstruct packet journeys through the networking stack

Rich Context

Retrieve more than just packets: metadata, conntrack info, OvS data, and more

Use Cases

Retis is ideal for:
  • Debugging networking issues on complex topologies with multiple network namespaces, bridges, or virtual devices
  • Exploring the Linux networking stack to understand packet flows and transformations
  • Testing features in CI/CD pipelines to validate networking behavior
  • Monitoring packet drops with detailed stack traces and drop reasons
  • Analyzing conntrack and NAT interactions with Netfilter and nftables

Example: Basic Packet Tracing

Collecting packet events going in and out of network devices can be as simple as: 
retis collect
This command starts collecting events using default probes and collectors, displaying output like: 
Collector(s) started: ct, nft, dev, skb, skb-drop, skb-tracking, ns
No probe(s) given: using tp:net:netif_receive_skb, tp:net:net_dev_start_xmit
7 probe(s) loaded

10041392747167 (9) [ping] 23932 [tp] net:net_dev_start_xmit #921f1a5d29fffff8ca2dd79f440 (skb ffff8ca30bbc3100)
  [redacted] > 2606:4700:4700::1111 ttl 64 label 0x18000 len 64 proto ICMPv6 (58) type 128 code 0
  ns 0x1/4026531840 if 4 (wlp82s0)

10041404857427 (0) [irq/177-iwlwifi] 1907 [tp] net:netif_receive_skb #921f25e9c53ffff8ca1c2e62100 (skb ffff8ca00f09f500)
  2606:4700:4700::1111 > [redacted] ttl 54 label 0xb57aa len 64 proto ICMPv6 (58) type 129 code 0
  ns 0x1/4026531840 if 4 (wlp82s0)

Next Steps

Install Retis

Choose your installation method

Follow the Quickstart

Run your first packet trace

Learn Core Concepts

Understand collectors, filters, and profiles

Browse API Reference

Explore event section structures

Build docs developers (and LLMs) love

Get started for freeTalk to us