A few spy tools for your software system (other than strace!)


There are so many amazing tools you can use to find out what's going on with your computer. Here are some that exist on Linux (they might exist on your OS too!).

netstat

netstat tells you what ports are open on your computer. This is super useful if you want to know whether the service that's supposed to be listening on port 8080 is actually listening on port 8080. The flags are: -t TCP, -u UDP, -l only listening sockets, -p the process that owns each socket, -n numeric addresses and ports instead of names. The sudo is for -p: without root, netstat can only name your own processes and prints "-" for everything else.
sudo netstat -tulpn
[sudo] password for bork:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1658/cupsd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1823/postgres
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      2516/redis-server
If you look at the Program name column on the right, you'll see that apparently I have cupsd (printing), postgres, and redis servers running on my machine, as well as some other stuff that I redacted. I have no idea why I had redis installed so uh yeah I uninstalled it. The Local Address column is worth a look too: all three are bound to 127.0.0.1, so they only accept connections from this machine. A 0.0.0.0 or :: in that column means the service is listening on every interface and is reachable from the network.

I use netstat pretty often when I'm trying to debug "omg why is this thing not running, IT'S SUPPOSED TO BE RUNNING". netstat tells me the truth about whether it's running. (On newer Linux distributions netstat is deprecated in favour of ss from iproute2; ss -tulpn takes the same flags and shows the same information.)
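Here's an added example (not code from the original post) of doing the two netstat checks above in a script: parsing netstat -tulpn output, asking whether a port is actually listening, and listing the sockets that are bound to something other than loopback. The sample output embedded in it is constructed; the PIDs and program names are made up.

```python
# Added example, not from the original post: parse `netstat -tulpn` output and
# answer "is port X actually listening?" and "which listeners are reachable
# from off the box?". SAMPLE is constructed; PIDs and programs are invented.
import sys
from dataclasses import dataclass
from typing import List, Optional

SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1658/cupsd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1823/postgres
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      2516/redis-server
tcp6       0      0 :::22                   :::*                    LISTEN      901/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           777/dhclient
udp6       0      0 ::1:323                 :::*                                -
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    pid: Optional[int]   # None when netstat printed "-" (someone else's process, no root)
    program: str


def split_addr(local: str):
    # The port is after the last colon; IPv6 addresses contain colons themselves
    # (":::22" is [::]:22, "::1:323" is [::1]:323).
    host, _, port = local.rpartition(":")
    return host, int(port)


def parse_netstat(text: str) -> List[Listener]:
    listeners = []
    for line in text.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue                      # banner and column-header lines
        fields = line.split()
        # UDP rows have an empty State column, so index from both ends:
        # Local Address is always fields[3], PID/Program name is always last.
        proto, local, owner = fields[0], fields[3], fields[-1]
        host, port = split_addr(local)
        if owner == "-":
            pid, program = None, "?"
        else:
            pid_str, _, program = owner.partition("/")
            pid = int(pid_str)
        listeners.append(Listener(proto, host, port, pid, program))
    return listeners


def is_loopback(host: str) -> bool:
    return host.startswith("127.") or host == "::1"


def exposed(listeners: List[Listener]) -> List[Listener]:
    """Listeners bound to anything but loopback; 0.0.0.0 and :: mean every interface."""
    return [s for s in listeners if not is_loopback(s.addr)]


def is_listening(listeners: List[Listener], port: int, proto: str = "tcp") -> bool:
    return any(s.port == port and s.proto.startswith(proto) for s in listeners)


if __name__ == "__main__":
    # Usage: sudo netstat -tulpn | python3 listeners.py   (falls back to SAMPLE)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    found = parse_netstat(text)
    print("8080 listening?", is_listening(found, 8080))
    for s in exposed(found):
        print(f"exposed: {s.proto} {s.addr}:{s.port} {s.program} (pid {s.pid})")
```

Pipe real output into it and the "exposed" list is the set of services you'd want to be able to explain; everything bound to 127.0.0.1 or ::1 is local-only.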

dstat

Want to know how much data is actually being written to your physical hard drive right this second? Yeah you do. dstat knows that. It prints a row every second with stats for that second: CPU time (user, system, idle, I/O wait, hardware and software interrupts), disk bytes read and written, network bytes received and sent, pages swapped in and out, and interrupts and context switches. I love dstat because it's so simple.

----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw
 32  38  30   0   0   0|  28k   81k|   0     0 |  4B  123B| 441  2184
 12  29  59   0   0   0|   0   184k|  66B   86B|   0     0 |1428  6031
  9  26  65   0   0   0|   0   576k| 518B  528B|   0     0 |1157  4611
  9  25  66   0   0   0|   0   144k|   0     0 |   0     0 |1100  5249
 14  27  59   0   0   0|   0     0 |  60B    0 |   0     0 |1001  4285
  9  29  62   0   0   0|   0   180k| 122B   82B|   0     0 |1166  5416

lsof

lsof tells you which files every process has open right now! That's all! It's amazing the same way dstat and netstat are amazing: you want to know what files are open right now, it tells you what files are open right now, you're done <3. (lsof -p PID narrows it to one process, lsof /some/file tells you who has that file open, and lsof -i :8080 tells you who owns that port.)

It can also tell you what position in the file the process is at (lsof -o shows the offset instead of the size), so you can figure out what kind of progress it's making reading the file.
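As an added example (not from the original post), here's where that offset actually comes from on Linux, read straight from procfs: /proc/PID/fdinfo/FD has a pos: line with the descriptor's current offset, and /proc/PID/fd/FD is a symlink to the open file, so a stat() through it gives the file size. Like lsof -p, looking at another user's process needs root.

```python
# Added example, not from the original post. Reports each open file of a process
# with its current offset, i.e. what `lsof -o` shows, by reading Linux procfs
# directly. Linux only; inspecting another user's process needs root.
import os
import sys
from typing import List, Tuple


def fd_progress(pid: int, fd: int) -> Tuple[str, int, int, float]:
    """Return (path, offset, size, fraction_done) for descriptor `fd` of `pid`."""
    link = f"/proc/{pid}/fd/{fd}"
    path = os.readlink(link)          # e.g. "/var/log/syslog", or "socket:[1234]"
    offset = None
    with open(f"/proc/{pid}/fdinfo/{fd}") as info:
        for line in info:
            if line.startswith("pos:"):
                offset = int(line.split()[1])
                break
    if offset is None:
        raise RuntimeError(f"no pos: line in fdinfo for fd {fd}")
    size = os.stat(link).st_size      # stat follows the symlink to the real file
    fraction = offset / size if size else 1.0   # pipes, sockets, ttys report size 0
    return path, offset, size, fraction


def open_fds(pid: int) -> List[int]:
    return sorted(int(name) for name in os.listdir(f"/proc/{pid}/fd"))


def report(pid: int) -> None:
    for fd in open_fds(pid):
        try:
            path, offset, size, fraction = fd_progress(pid, fd)
        except (OSError, RuntimeError):
            continue                  # fd closed while we looked, or not ours to read
        if size:                      # skip sockets, pipes and ttys
            print(f"fd {fd:>3} {path}: {offset}/{size} bytes ({fraction:.0%})")


if __name__ == "__main__":
    # Usage: python3 fdprogress.py <pid>   (defaults to this process)
    report(int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid())
```

Point it at a process that's chewing through a big file and the percentage is the progress bar the program itself forgot to print.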

ngrep / tcpdump

Okay, now we're moving from "super simple tools that do one thing" to "tcpdump, which has a billion options and also this whole BPF (Berkeley Packet Filter) business, and what even is this filter language". So I'm not going to explain how to use tcpdump because I don't even really know.

Let's say you want to

reverse engineer a protocol
figure out if there's really terrible latency or if everything is slow for some other reason
debug why your POST request is formatted wrong, in a world before Google Chrome dev tools
To do all of this, you need to spy on network activity! ngrep and tcpdump capture packets (which needs root or CAP_NET_RAW), let you filter them, and show you what you're looking for. I'm not going to explain how to use them here but this ngrep tutorial looks pretty useful. If you're looking at output from tcpdump you should probably dump it to a pcap file (tcpdump -w capture.pcap) and use Wireshark to look at it instead. Wireshark is the best and way easier to understand because it's a GUI and it makes everything pretty for you.

As always with these systems tools, ngrep / tcpdump will tell you The Truth™ about what's happening on your network.
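To show what's actually inside that pcap file Wireshark makes pretty, here's an added example (not code from the original post): a minimal reader for the classic pcap format tcpdump -w writes, printing the TCP/UDP 5-tuple for each packet. The capture it parses is constructed in code (one TCP SYN from 10.0.0.5:40000 to 10.0.0.9:8080; the addresses, ports and MACs are made up). It only decodes Ethernet/IPv4/TCP|UDP, and pcapng (Wireshark's newer default) is a different format.

```python
# Added example, not from the original post: walk a classic pcap file and decode
# the TCP/UDP 5-tuple of each frame. The capture is constructed below; addresses,
# ports and MACs are invented. pcapng is a different format and is not handled.
import struct
from typing import Iterator, List, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def _constructed_frame() -> bytes:
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"     # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 8080,        # src port, dst port
                      1, 0,               # seq, ack
                      5 << 4, 0x02,       # data offset = 5 words, flags = SYN
                      65535, 0, 0)        # window, checksum (left 0), urgent pointer
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,   # v4/IHL, tos, len, id, frag, ttl, proto=TCP, csum
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return eth + ip + tcp


def constructed_pcap() -> bytes:
    frame = _constructed_frame()
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    # Record header: ts_sec, ts_usec, incl_len, orig_len (16 bytes), then the frame
    record = struct.pack("<IIII", 1700000000, 123456, len(frame), len(frame))
    return header + record + frame


def iter_records(data: bytes) -> Iterator[Tuple[float, int, bytes]]:
    magic = struct.unpack_from("<I", data)[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:            # same magic, file written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:         # tcpdump killed mid-write, or a truncated copy
            raise ValueError("truncated capture")
        off += incl_len
        yield ts_sec + ts_usec / 1e6, linktype, frame


def decode(frame: bytes, linktype: int) -> Optional[Tuple[str, str, int, str, int, str]]:
    """Return (proto, src, sport, dst, dport, tcp_flags), or None if not IPv4 TCP/UDP."""
    if linktype != LINKTYPE_ETHERNET or len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    l4 = 14 + ihl
    if proto not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    flags = ""
    if proto == 6 and len(frame) >= l4 + 14:
        bits = frame[l4 + 13]
        flags = "".join(n for bit, n in ((0x02, "S"), (0x10, "A"), (0x01, "F"), (0x04, "R")) if bits & bit)
    return ("tcp" if proto == 6 else "udp", src, sport, dst, dport, flags)


def summarize(data: bytes) -> List[Optional[Tuple[str, str, int, str, int, str]]]:
    return [decode(frame, lt) for _ts, lt, frame in iter_records(data)]


if __name__ == "__main__":
    import sys
    # Usage: python3 pcapsummary.py capture.pcap   (defaults to the constructed capture)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_pcap()
    for ts, lt, frame in iter_records(data):
        print(f"{ts:.6f} {decode(frame, lt)}")
```

Everything Wireshark shows is layered on exactly this: a 24-byte file header, then a 16-byte record header in front of every raw frame. Remember that a pcap contains the full payloads, passwords and cookies included, so treat the file like the secrets it holds.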

If you want to know how people use tcpdump, you should read the replies to this tweet ("do you use tcpdump in your day to day life? what do you use it for?") because the people who follow me on twitter are the best. Really, go read them! There's so much interesting stuff there.

opensnoop & ftrace

Do you want to know every file your system is opening right now? There's a script (opensnoop) in Brendan Gregg's perf-tools collection that does that!

I'm mostly including this as an example to show that lots of stuff is possible to know. The scripts in that repo don't work with every Linux kernel version (I needed to modify it to get it to work with Linux 3.13). But they use a tracing framework in the Linux kernel called ftrace that can tell you all kinds of stuff.

ftrace seems like quite a bit of work to learn how to use, but also really powerful. Basically you access it by doing various things (as root) to files in /sys/kernel/debug/tracing, which newer kernels also mount at /sys/kernel/tracing, or by using a wrapper command called trace-cmd. It's all built into Linux!

atop

atop is like top, but it shows you more stuff and you need to run it as root. So it'll show me the CPU & memory usage for every process, but also how much disk & network I/O it's doing (the per-process disk numbers come from /proc/PID/io, which is why root is needed; the per-process network numbers only appear if the netatop kernel module is loaded). It's neat and a little terrifying to look at at first (SO MANY NUMBERS).