NAME

       undump.bt - Catch UNIX domain socket packages. Uses bpftrace/eBPF.

SYNOPSIS

       undump.bt

DESCRIPTION

       undump.bt tracked reception of UNIX domain sockets.

       This program is also a basic example of bpftrace and kprobes.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bpftrace.

EXAMPLES

       Trace reception of UNIX domain sockets:
              # undump.bt

FIELDS

       TIME   A timestamp on the output, in "HH:MM:SS" format.

       COMM   The process COMM.

       PID    The process ID.

       SIZE   The size of the received packet, in bytes.

       DATA   Display received packets in hex or string.

OVERHEAD

       The overhead of this program mainly comes from the data packets received by the terminal output.

SOURCE

       This is from bpftrace.

              https://github.com/bpftrace/bpftrace

       Also  look  in  the  bpftrace  distribution  for a companion _examples.txt file containing example usage,
       output, and commentary for this tool.

       This is a bpftrace version of the bcc examples/tracing of the same name.  The bcc tool may  provide  more
       options and customizations.

              https://github.com/iovisor/bcc

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Rong Tao

SEE ALSO

       opensnoop.bt(8)

USER COMMANDS                                      2022-06-03                                       undump.bt(8)