bcc-bindsnoop - Man Page

Trace bind() system calls.

Synopsis

bindsnoop [-h] [-w] [-t] [-p PID] [-P PORT] [-E] [-U] [-u UID] [--count] [--cgroupmap MAP] [--mntnsmap MNTNSMAP]

Description

bindsnoop reports socket options set before the bind call that would impact this system call behavior.

Requirements

CONFIG_BPF and bcc.

Options

Show help message and exit:

-h, --help

Include timestamp on output:

-t, --timestamp

Wider columns (fit IPv6):

-w, --wide

Trace this PID only:

-p PID, --pid PID

Comma-separated list of ports to trace:

-P PORT, --port PORT

Trace cgroups in this BPF map:

--cgroupmap MAP

Trace mount namespaces in this BPF map:

--mntnsmap MNTNSMAP

Include errors in the output:

-E, --errors

Include UID on output:

-U, --print-uid

Trace this UID only:

-u UID, --uid UID

Count binds per src ip and port:

--count

Examples

Trace all IPv4 and IPv6 bind()s

bindsnoop

Include timestamps

bindsnoop -t

Trace PID 181

bindsnoop -p 181

Trace port 80

bindsnoop -P 80

Trace port 80 and 81

bindsnoop -P 80,81

Include UID

bindsnoop -U

Trace UID 1000

bindsnoop -u 1000

Report bind errors

bindsnoop -E

Count bind per src ip

bindsnoop --count

Trace IPv4 and IPv6 bind system calls and report socket options that would impact bind call behavior:

SOL_IP IP_FREEBIND              F....

SOL_IP IP_TRANSPARENT           .T...

SOL_IP IP_BIND_ADDRESS_NO_PORT  ..N..

SOL_SOCKET SO_REUSEADDR         ...R.

SOL_SOCKET SO_REUSEPORT         ....r

SO_BINDTODEVICE interface is reported as "IF" index

Source

This is from bcc.

https://github.com/iovisor/bcc

Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.

OS

Linux

Stability

Unstable - in development.

Author

Pavel Dubovitsky

See Also

tcpaccept(8)

Info

12 February 2020