sofdsnoop(8) System Manager's Manual sofdsnoop(8)

NAME
sofdsnoop - Trace FDs passed through unix sockets. Uses Linux eBPF/bcc.

SYNOPSIS
sofdsnoop [-h] [-T] [-p PID] [-t TID] [-n NAME] [-d DURATION]

DESCRIPTION
sofdsnoop traces FDs passed through unix sockets.

Every file descriptor that is passed via unix sockets is displayed on a
separate line together with process info (TID/COMM columns), ACTION
details (SEND/RECV), file descriptor number (FD) and its translation to
a file name if available (NAME).

Since this uses BPF, only the root user can use this tool.
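
The kind of transfer this tool reports as SEND and RECV, shown as an added example that is not part of the original man page or of bcc. It assumes the standard Linux mechanism for passing descriptors over unix sockets (SCM_RIGHTS ancillary data); the function names and the payload are hypothetical.

```python
import array
import os
import socket
import tempfile

PAYLOAD = b"constructed sample data"  # constructed input, not from the page


def send_fd(sock, fd):
    """SEND side: attach one descriptor as SCM_RIGHTS ancillary data."""
    fds = array.array("i", [fd])
    # At least one byte of ordinary data must accompany the control message.
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])


def recv_fd(sock):
    """RECV side: extract one descriptor from SCM_RIGHTS ancillary data."""
    fds = array.array("i")
    _, ancdata, flags, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    if flags & socket.MSG_CTRUNC:
        raise OSError("ancillary data truncated, descriptor lost")
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise OSError("no SCM_RIGHTS message received")


def demo():
    """Pass a temporary file's descriptor over a socketpair, compare both ends."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with a, b, tempfile.NamedTemporaryFile() as tmp:
        tmp.write(PAYLOAD)
        tmp.flush()  # advance the kernel file offset past the payload
        send_fd(a, tmp.fileno())
        received = recv_fd(b)
        try:
            return {
                "sent_fd": tmp.fileno(),
                "received_fd": received,
                # Different numbers, same open file, one shared offset.
                "same_file": os.path.sameopenfile(tmp.fileno(), received),
                "offset": os.lseek(received, 0, os.SEEK_CUR),
            }
        finally:
            os.close(received)


if __name__ == "__main__":
    print(demo())
```

The receiver gets a new descriptor number for the same open file, so a number seen on one side of a transfer does not identify the file on the other side.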

REQUIREMENTS
CONFIG_BPF and bcc.

OPTIONS
-h Print usage message.

-T Include a timestamp column.

-p PID Trace this process ID only (filtered in-kernel).

-t TID Trace this thread ID only (filtered in-kernel).

-d DURATION
Total duration of trace in seconds.

-n NAME
Only print command lines matching this command name (regex).

EXAMPLES
Trace all sockets:
# sofdsnoop

Trace all sockets, and include timestamps:
# sofdsnoop -T

Only trace sockets where the process name contains "server":
# sofdsnoop -n server

FIELDS
TIME(s)
Time of SEND/RECV actions, in seconds.

ACTION Operation on the FD: SEND/RECV.

TID Process TID.

COMM Parent process/command name.

SOCKET The socket carrier.

FD File descriptor number.

NAME File name for SEND lines.

SOURCE
This is from bcc.

https://github.com/iovisor/bcc

Also look in the bcc distribution for a companion _examples.txt file
containing example usage, output, and commentary for this tool.

OS
Linux

STABILITY
Unstable - in development.

AUTHOR
Jiri Olsa

SEE ALSO
opensnoop(1)

USER COMMANDS 2018-11-08 sofdsnoop(8)