bcc-bindsnoop - Man Page
Trace bind() system calls.
Synopsis
bindsnoop [-h] [-w] [-t] [-p PID] [-P PORT] [-E] [-U] [-u UID] [--count] [--cgroupmap MAP] [--mntnsmap MNTNSMAP]
Description
bindsnoop reports socket options set before the bind call that would impact this system call behavior.
Requirements
CONFIG_BPF and bcc.
Options
Show help message and exit:
-h, --help
Include timestamp on output:
-t, --timestamp
Wider columns (fit IPv6):
-w, --wide
Trace this PID only:
-p PID, --pid PID
Comma-separated list of ports to trace:
-P PORT, --port PORT
Trace cgroups in this BPF map:
--cgroupmap MAP
Trace mount namespaces in this BPF map:
--mntnsmap MNTNSMAP
Include errors in the output:
-E, --errors
Include UID on output:
-U, --print-uid
Trace this UID only:
-u UID, --uid UID
Count binds per src ip and port:
--count
Examples
Trace all IPv4 and IPv6 bind()s
bindsnoop
Include timestamps
bindsnoop -t
Trace PID 181
bindsnoop -p 181
Trace port 80
bindsnoop -P 80
Trace port 80 and 81
bindsnoop -P 80,81
Include UID
bindsnoop -U
Trace UID 1000
bindsnoop -u 1000
Report bind errors
bindsnoop -E
Count bind per src ip
bindsnoop --count
Trace IPv4 and IPv6 bind system calls and report socket options that would impact bind call behavior:
SOL_IP IP_FREEBIND F....
SOL_IP IP_TRANSPARENT .T...
SOL_IP IP_BIND_ADDRESS_NO_PORT ..N..
SOL_SOCKET SO_REUSEADDR ...R.
SOL_SOCKET SO_REUSEPORT ....r
SO_BINDTODEVICE interface is reported as "IF" index
Source
This is from bcc.
https://github.com/iovisor/bcc
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
OS
Linux
Stability
Unstable - in development.
Author
Pavel Dubovitsky
See Also
tcpaccept(8)