Write traffic on port 80 (HTTP) to a file. Rotate log file after 10Mb. Keep 5 files.
$ sudo tcpdump port 80 -n -i any -w /tmp/traffic -p -C 10 -W 5 -s 1500
This gist shows how to monitor HTTP requests.
On OSX remember to install tcpdump with brew:
$ brew install tcpdump
Monitor network and disk IO:
dstat -tTo get the list of available system calls use:
sudo dtrace -ln 'syscall:::entry'Find which files a program is opening (same as strace -f -p $PID -e open):
sudo dtruss -t open_nocancel -p $PIDAlso see ls /usr/bin/.d*
Monitor system calls made by an app:
strace ruby app.rbWrites all system calls made by SSH, and subprocesses (-f), to a file named ssh.txt:
strace -f -o ssh.txt ssh jebus.comSpy on all ‘open’ system calls made by a process:
strace -f -p $PID -e openUse these commands to see a list of all available system calls (Linux only):
man syscallsMonitor what files are being opened:
opensnoop -p $PID
strace -e open -p $PIDPipe/copy data over a network:
cat request.txt | nc metafilter.com 80Find which programs are listening to which port:
sudo netstat -tunapl
lsof -i -P # OSXListen to traffic containing the string “localhost” on any network interface:
sudo ngrep -d any localhostListen to traffic containing the string “localhost” on any network interface:
sudo tcpdump port 80 -w http.pcapWrites a pcap file that can be analyzed with Wireshark.
Analyze pcap files from ngrep, tcpdump, etc:
wireshark http.pcapRun perf, a sampling profiler, to see where your application is spending its time:
sudo perf record ruby app.rbFind out what the program using the most CPU time is doing:
sudo perf topFind out if an app is using the L1 cache which is ~200 times faster than RAM:
sudo perf stat -e L1-dcache-load-misses my_golang_app