
undump.bt - Catch UNIX domain socket packets. Uses bpftrace/eBPF.

Author

       Rong Tao

Description

       undump.bt traces the reception of packets on UNIX domain sockets.

       This program is also a basic example of bpftrace and kprobes.

       Since this uses BPF, only the root user can use this tool.

Examples

       Trace reception of UNIX domain sockets:
              # undump.bt

Fields

       TIME   A timestamp on the output, in "HH:MM:SS" format.

       COMM   The process COMM.

       PID    The process ID.

       SIZE   The size of the received packet, in bytes.

       DATA   The received packet, displayed as hex or as a string.
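
       The fields above can be turned into structured records for log review. The parser below is an added example, not part of bpftrace or of this tool; the column layout (TIME COMM PID SIZE DATA, whitespace-separated, with non-printable DATA bytes written as \xNN escapes) and the sample lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumed layout (not taken from the tool's source): TIME COMM PID SIZE DATA,
# whitespace-separated, with non-printable DATA bytes written as \xNN escapes.
# COMM may contain spaces, so it is matched lazily up to the two integer columns.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(.+?)\s+(\d+)\s+(\d+)(?:\s+(.*))?$")
ESCAPE_RE = re.compile(rb"\\x([0-9a-fA-F]{2})")


@dataclass
class Record:
    time: str
    comm: str
    pid: int
    size: int
    data: bytes
    truncated: bool  # fewer bytes displayed in DATA than SIZE reports


def decode_data(text: str) -> bytes:
    """Turn the printable DATA column back into raw bytes."""
    raw = text.encode("latin-1", errors="replace")
    return ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def parse_line(line: str):
    """Return a Record, or None for the header row and unrelated lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    time, comm, pid, size, data = m.groups()
    payload = decode_data(data or "")
    return Record(time, comm, int(pid), int(size), payload, len(payload) < int(size))


def parse_output(text: str):
    """Parse a whole capture, skipping lines that are not records."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


# Constructed sample, not captured from a real run.
SAMPLE = r"""Attaching 3 probes...
TIME     COMM             PID      SIZE     DATA
12:00:01 dbus-daemon      812      5        hello
12:00:02 Web Content      4321     4        \x00\x01ok
12:00:03 systemd-journal  310      64       MESSAGE=
"""

if __name__ == "__main__":
    for rec in parse_output(SAMPLE):
        print(rec)
```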

Name

       undump.bt - Catch UNIX domain socket packets. Uses bpftrace/eBPF.

Os

       Linux

Overhead

       The overhead of this program comes mainly from printing the received data packets to the terminal.

Requirements

       CONFIG_BPF and bpftrace.

See Also

opensnoop.bt(8)

USER COMMANDS                                      2022-06-03                                       undump.bt(8)

Source

       This is from bpftrace.

              https://github.com/bpftrace/bpftrace

       Also look in the bpftrace distribution for a companion _examples.txt file containing example usage,
       output, and commentary for this tool.

       This is a bpftrace version of the bcc examples/tracing of the same name. The bcc tool may provide more
       options and customizations.

              https://github.com/iovisor/bcc

Stability

       Unstable - in development.

Synopsis

undump.bt
