undump.bt(8)                System Manager's Manual               undump.bt(8)

NAME
       undump.bt - Catch UNIX domain socket packets. Uses bpftrace/eBPF.

SYNOPSIS
       undump.bt

DESCRIPTION
       undump.bt traces the reception of UNIX domain socket packets.

       This program is also a basic example of bpftrace and kprobes.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS
       CONFIG_BPF and bpftrace.

EXAMPLES
       Trace reception of UNIX domain sockets:
              # undump.bt

FIELDS
       TIME   A timestamp on the output, in "HH:MM:SS" format.

       COMM   The process COMM.

       PID    The process ID.

       SIZE   The size of the received packet, in bytes.

       DATA   The received packet, displayed in hex or as a string.

OVERHEAD
       The overhead of this program comes mainly from printing the received
       data packets to the terminal.

SOURCE
       This is from bpftrace.

              https://github.com/iovisor/bpftrace

       Also look in the bpftrace distribution for a companion _examples.txt
       file containing example usage, output, and commentary for this tool.

       This is a bpftrace version of the bcc examples/tracing tool of the
       same name. The bcc tool may provide more options and customizations.

              https://github.com/iovisor/bcc

OS
       Linux

STABILITY
       Unstable - in development.

AUTHOR
       Rong Tao

SEE ALSO
       opensnoop.bt(8)

USER COMMANDS                      2022-06-03                     undump.bt(8)