A few spy tools for your software system (other than strace!)


There are so many amazing tools you can use to find out what's happening with your computer. Here are some that exist on Linux; they might exist on your OS too!

netstat

netstat tells you what ports are open on your computer. This is crazy useful if you want to know whether the service that's supposed to be listening on port 8080 is actually listening on port 8080.
sudo netstat -tulpn
[sudo] password for bork: 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:631       0.0.0.0:*           LISTEN      1658/cupsd      
tcp        0      0 127.0.0.1:5432      0.0.0.0:*           LISTEN      1823/postgres   
tcp        0      0 127.0.0.1:6379      0.0.0.0:*           LISTEN      2516/redis-server
If you look at the Program name column on the right, you'll see that apparently I have cupsd (printing), postgres, and redis servers running on my machine, as well as some other stuff that I redacted. I have no idea why I had redis installed, so uh yeah, I uninstalled it.

I use netstat pretty often when I'm trying to debug "omg why is this thing not running, IT'S SUPPOSED TO BE RUNNING". netstat tells me the truth about whether it's running.
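Here is an added example (not from the original post) that turns the "is anything actually on port 8080?" question into a check you can run over saved `netstat -tulpn` output. The sample text is constructed in the shape of the output above, with an IPv6 and a UDP row added; it also lists the listeners bound to every interface rather than loopback, which are the ones reachable from the network and worth a second look.

```python
from dataclasses import dataclass

# Constructed sample shaped like `sudo netstat -tulpn` output (an IPv6 listener
# and a UDP row are added so the parser has to handle both).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:631       0.0.0.0:*           LISTEN      1658/cupsd
tcp        0      0 127.0.0.1:5432      0.0.0.0:*           LISTEN      1823/postgres
tcp        0      0 127.0.0.1:6379      0.0.0.0:*           LISTEN      2516/redis-server
tcp6       0      0 :::8080             :::*                LISTEN      3101/python3
udp        0      0 0.0.0.0:5353        0.0.0.0:*                       901/avahi-daemon
"""

# Local-address forms netstat uses for "all interfaces".
ALL_INTERFACES = ("0.0.0.0", "::", "*", "")


@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    program: str  # "PID/name", or "-" when netstat could not read the owner


def parse_netstat(text):
    """Parse `netstat -tulpn` rows into Listener records, skipping header lines.
    UDP rows have no State column, so the program name is taken from the end."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue
        # rpartition keeps IPv6 addresses like ":::8080" intact.
        addr, _, port = fields[3].rpartition(":")
        rows.append(Listener(fields[0], addr, int(port), fields[-1]))
    return rows


def who_listens_on(text, port):
    """Programs bound to the given port, e.g. the 'is it on 8080?' check."""
    return [l.program for l in parse_netstat(text) if l.port == port]


def exposed_listeners(text):
    """Listeners reachable from the network (not bound to loopback only)."""
    return [l for l in parse_netstat(text) if l.addr in ALL_INTERFACES]
```

Feed it real output with `parse_netstat(subprocess.check_output(["netstat", "-tulpn"], text=True))`; rows owned by other users show `-` as the program unless you run it with sudo, exactly as the post's prompt shows.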

dstat

Want to know how much data is actually being written to your physical hard drive right this second? Yeah you do. dstat knows that. It prints a row every second with stats for that second. I love dstat because it's so simple.

----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw 
 32  38  30   0   0   0|  28k   81k|   0     0 |   4B  123B| 441  2184 
 12  29  59   0   0   0|   0   184k|  66B   86B|   0     0 |1428  6031 
  9  26  65   0   0   0|   0   576k| 518B  528B|   0     0 |1157  4611 
  9  25  66   0   0   0|   0   144k|   0     0 |   0     0 |1100  5249 
 14  27  59   0   0   0|   0     0 |  60B    0 |   0     0 |1001  4285 
  9  29  62   0   0   0|   0   180k| 122B   82B|   0     0 |1166  5416

lsof

lsof tells you which files every process has open right now! That's all! It's amazing the same way dstat and netstat are amazing – you want to know what files are open right now, it tells you what files are open right now, you're done <3.

It can also tell you what position in the file the process is at, so you can figure out what kind of progress it's making reading the file.

ngrep / tcpdump

Okay, now we're moving from "super simple tool that does one thing" to "tcpdump, which has a billion options and also this whole BPF Berkeley Packet Filter business and what is this filter language even". So I'm not going to explain how to use tcpdump, because I don't even really know.

Let's say you want to

reverse engineer a protocol
find out if there's really terrible latency or if everything is slow for some other reason
debug why your POST request is formatted wrong, in a world before Google Chrome dev tools

To do all of this, you need to spy on network activity! ngrep and tcpdump capture packets, let you filter them, and show you what you're looking for. I'm not going to explain how to use them here, but this ngrep tutorial looks pretty useful. If you're looking at output from tcpdump you should probably dump it to a pcap file and use Wireshark to look at it instead. Wireshark is the best and way easier to understand because it's a GUI and it makes everything pretty for you.

As always with these systems tools, ngrep / tcpdump will tell you The Truth™ about what's happening on your network.

If you want to know how people use tcpdump, you should read the replies to this tweet: "do you use tcpdump in your day to day life? what do you use it for?" because the people who follow me on twitter are the best. Really, go read them! There's so much interesting stuff there.

opensnoop & ftrace

Do you want to know every file your system is opening right now? There's a script in Brendan Gregg's perf-tools collection that does that!

I'm mostly including this as an example to show that lots of stuff is possible to know – the scripts in that repo don't work with every Linux kernel version (I needed to modify it to get it to work with Linux 3.13). But they use a tracing framework in the Linux kernel called 'ftrace' that can tell you all kinds of stuff.

ftrace seems like quite a bit of work to learn how to use, but also really powerful. Basically you access it by doing various things to files in /sys/kernel/debug/tracing, or by using a wrapper command called trace-cmd. It's all built into Linux!

atop

atop is like top, but it shows you more stuff and you need to run it as root. So it'll show me the CPU & memory usage for every process, but also how much disk & network I/O it's doing. It's neat and a little terrifying to look at at first (SO MANY NUMBERS).