Strace

From Leo's Notes
Last edited on 14 June 2020, at 23:40.

strace is a tool for tracing system calls on Linux. Similar debugging tools are dtrace and ktrace.

Introduction

Run any command through strace to see every system call the program makes. For example:

$ strace ping google.com

System calls are the APIs the kernel provides to applications. As such, the trace output allows analysis of:

  • Console IO
  • Network IO
  • Filesystem and file IO
  • Process & Thread management
  • Raw memory management
  • Access to device drivers

A typical use case for strace is determining why a program is misbehaving. It's extremely helpful to see exactly where a process is trying to write to before it errors, for instance.

The output shows every system call. Use man 2 followed by the syscall name to find the man page for a particular syscall.

Usage

Basic usage is to prepend your command with strace.

# Trace a new process
$ strace ping google.com

# Trace an existing process
$ strace -p 1234

Additional parameters can be passed:

  • -o to output to a file
  • -s N to specify the maximum length of string arguments printed, which defaults to 32
  • -y to annotate every file descriptor in the output with the path it refers to
  • -p pid to attach to an already running process
  • -f to follow child processes
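
As an added example (not part of the original notes), the script below summarises the failed calls in a log written with the -f, -y, -s and -o options listed above, which is usually the quickest way to find where a process was trying to write before it errored. The sample log is constructed, and the function names sample_trace and failed_syscalls are made up for this illustration.

```shell
#!/bin/sh
# Summarise failed system calls in an strace log produced with, for example:
#   strace -f -y -s 256 -o trace.log <command>

# Constructed sample log (not captured from a real run).
sample_trace() {
cat <<'EOF'
4242  execve("/usr/bin/app", ["app"], 0x7ffd5c0 /* 12 vars */) = 0
4242  openat(AT_FDCWD, "/etc/app/config.yml", O_RDONLY) = -1 ENOENT (No such file or directory)
4242  openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 3</var/log/app.log>
4242  write(3</var/log/app.log>, "starting\n", 9) = 9
4243  openat(AT_FDCWD, "/etc/app/config.yml", O_RDONLY) = -1 ENOENT (No such file or directory)
4243  write(3</var/log/app.log>, "worker up\n", 10) = -1 ENOSPC (No space left on device)
4243  +++ exited with 1 +++
4242  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4243, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
4242  +++ exited with 0 +++
EOF
}

# failed_syscalls [FILE]: reads FILE (or stdin) and prints
# "COUNT SYSCALL ERRNO TARGET" per distinct failure, most frequent first.
# TARGET is the -y annotation of a numeric fd, else the first quoted string.
failed_syscalls() {
    awk '
    {
        line = $0
        sub(/^[0-9]+ +/, "", line)             # drop the PID column written by -f
        if (!match(line, /\) = -1 E[A-Z0-9]+ \(/)) next
        errno = substr(line, RSTART + 7, RLENGTH - 9)
        args  = substr(line, 1, RSTART - 1)
        if (args ~ /^<\.\.\. /) {              # "<... read resumed>" continuation line
            split(args, w, " "); name = w[2]; target = "-"
        } else {
            name = args; sub(/\(.*/, "", name)
            if (match(args, /[0-9]+<[^>]+>/))  # fd annotated by -y
                target = substr(args, RSTART, RLENGTH)
            else if (match(args, /"[^"]*"/))   # path-style string argument
                target = substr(args, RSTART + 1, RLENGTH - 2)
            else
                target = "-"
        }
        count[name " " errno " " target]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

sample_trace | failed_syscalls
```
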

See Also