Linux debugging commands are essential tools for any system administrator or software developer. They can be used to identify and troubleshoot problems with running processes, system resources, and network connections.
This article will introduce you to the top 10 Linux debugging commands, and provide examples of how to use them.
1. top
The top command is a real-time system monitoring tool that displays information about all running processes. It can be used to identify processes that are consuming a lot of CPU or memory, and to track system performance over time.
To use the top command, simply type top in a terminal window. You will see a display of all running processes, sorted by CPU usage. The top line of the display shows the overall system load, memory usage, and uptime.
To learn more about a particular process, press the P key. This will open a new window with detailed information about the process, including its CPU usage, memory usage, and open files.
2. strace
The strace command is a powerful tool for debugging system calls. It captures and records all system calls made by a given process, and the signals received by the process.
To use the strace command, type strace followed by the name or PID of the process you want to debug. For example, to debug the firefox process, you would type:
strace firefox
The strace command will generate a large amount of output, so it is often helpful to write the output to a file or to pipe it to another command. strace prints its trace to standard error, so a plain > redirect does not capture it; use the -o option instead. For example, to save the output of the strace command to a file called firefox.strace, you would type:
strace -o firefox.strace firefox
Once you have captured the system calls made by the process, you can use a text editor to view the file and identify any suspicious activity.
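Reading a large trace in a text editor is slow, so a few filters help narrow it down first. The script below is an added example, not part of the original article: it assumes a log written by strace -o (optionally with -f), and the function names, the sample log and the path pattern are all constructed for illustration.

```shell
# Added example: triage a log saved with `strace -o FILE` (or `strace -f -o FILE`).
# Constructed sample, not a real capture; two lines carry the PID prefix -f adds.
sample_strace_log() {
cat <<'EOF'
execve("/usr/bin/firefox", ["firefox"], 0x7ffd1c2a3b10 /* 24 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
4242 openat(AT_FDCWD, "/home/user/.ssh/id_rsa", O_RDONLY) = 4
connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
4242 connect(6, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 ECONNREFUSED (Connection refused)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4242, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
+++ exited with 0 +++
EOF
}

# Drop the optional leading PID column so every line starts with the syscall.
strip_pid() { sed -E 's/^[0-9]+ +//' "$1"; }

# Count calls per syscall name, most frequent first.
syscall_counts() {
  strip_pid "$1" |
    awk -F'(' '/^[a-z_][a-z0-9_]*\(/ { n[$1]++ } END { for (s in n) print n[s], s }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# List failed calls as "syscall ERRNO".
failed_calls() {
  strip_pid "$1" |
    sed -nE 's/^([a-z_][a-z0-9_]*)\(.*\) = -1 (E[A-Z0-9]+) .*/\1 \2/p'
}

# Paths passed to open/openat that match a reviewer-supplied ERE ($2).
opened_paths() {
  strip_pid "$1" |
    sed -nE 's/^open(at)?\(([A-Z_0-9]+, )?"([^"]+)".*/\3/p' |
    grep -E "$2" | LC_ALL=C sort -u
}

# Remote IPv4 endpoints passed to connect(), as "address:port".
remote_endpoints() {
  sed -nE 's/.*connect\(.*sin_port=htons\(([0-9]+)\), sin_addr=inet_addr\("([0-9.]+)"\).*/\2:\1/p' "$1" |
    LC_ALL=C sort -u
}

log=$(mktemp)
sample_strace_log > "$log"
syscall_counts "$log"
failed_calls "$log"
opened_paths "$log" '^/etc/(shadow|sudoers)|/\.ssh/'
remote_endpoints "$log"
rm -f "$log"
```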
3. gdb
The gdb command is a graphical debugger that can be used to debug programs written in C, C++, and other languages. It allows you to step through code line by line, set breakpoints, and inspect variables.
To use the gdb command, you first need to compile your program with the debug flag enabled. This will generate a .debug file that contains debugging information.
Once you have compiled your program with the debug flag enabled, you can start the gdb debugger by typing gdb followed by the name of the executable file. For example, to start the gdb debugger for the hello program, you would type:
gdb hello
Once the gdb debugger is started, you can use the following commands to step through your code:
run: Starts the program.
next: Executes the next line of code.
step: Executes the next line of code, stepping into function calls.
break: Sets a breakpoint at the current line of code.
You can also use the gdb debugger to inspect variables. To do this, type print followed by the name of the variable you want to inspect. For example, to inspect the variable name, you would type:
print name
4. ltrace
The ltrace command is similar to the strace command, but it only traces library calls. This can be useful for debugging programs that use a lot of libraries.
To use the ltrace command, type ltrace followed by the name or PID of the process you want to debug. For example, to debug the firefox process, you would type:
ltrace firefox
The ltrace command will generate a large amount of output, so it is often helpful to write the output to a file or to pipe it to another command. Like strace, ltrace prints its trace to standard error, so use the -o option rather than a plain > redirect. For example, to save the output of the ltrace command to a file called firefox.ltrace, you would type:
ltrace -o firefox.ltrace firefox
Once you have captured the library calls made by the process, you can use a text editor to view the file and identify any suspicious activity.
5. lsof
The lsof command lists all open files on the system. This can be useful for identifying processes that are holding open files that they no longer need.
To use the lsof command, simply type lsof in a terminal window. This will list all open files on the system, sorted by process ID.
To learn more about a particular file, press the U key. This will open a new window with detailed information about the file, including the process that is holding it open.
6. netstat
The netstat command displays information about all active network connections. This can be useful for identifying network problems and troubleshooting connectivity issues.
To use the netstat command, simply type netstat in a terminal window. This will display a list of all active network connections, including the local and remote addresses, the protocol used, and the state of the connection.
You can use the following options to filter the output of the netstat command:
-a: Displays all active network connections, including listening sockets.
-n: Displays numerical addresses instead of names.
-p: Displays the process ID of the process that owns each connection.
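Combining the three options gives enough detail to see which services accept connections from other hosts. The script below is an added example, not part of the original article: it assumes the column layout printed by the Linux net-tools netstat -anp, and the function names and sample output are constructed for illustration.

```shell
# Added example: list sockets from `netstat -anp` that are reachable from
# other hosts, i.e. listening on something other than a loopback address.
# Constructed sample output, not taken from a real system.
sample_netstat_output() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1044/postgres
tcp        0      0 192.0.2.15:22           198.51.100.23:51514     ESTABLISHED 2210/sshd: user
tcp6       0      0 :::8080                 :::*                    LISTEN      1377/java
tcp6       0      0 ::1:631                 :::*                    LISTEN      901/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# Reads netstat -anp output on stdin; prints "proto address port owner".
exposed_listeners() {
  awk '
    # TCP: the State column says LISTEN and the owner is field 7.
    /^tcp/ && $6 == "LISTEN" { emit($1, $4, $7) }
    # UDP has no State column; an unconnected socket shows a "*" peer port.
    /^udp/ && $5 ~ /:\*$/    { emit($1, $4, $6) }

    function emit(proto, local, owner,    port, addr) {
      port = local
      sub(/.*:/, "", port)                 # text after the last colon
      addr = substr(local, 1, length(local) - length(port) - 1)
      # Skip loopback-only listeners (IPv4, IPv6 and IPv4-mapped IPv6).
      if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) return
      print proto, addr, port, owner
    }'
}

sample_netstat_output | exposed_listeners
```

On a live system the same function can be fed directly with netstat -anp | exposed_listeners; without root privileges the owner column shows - for sockets that belong to other users.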
7. tcpdump
The tcpdump command is a packet analyzer that can be used to capture and display network traffic. This can be useful for troubleshooting network problems and identifying security vulnerabilities.
To use the tcpdump command, type tcpdump followed by the filter expression you want to use. For example, to capture all TCP traffic to port 80, you would type:
tcpdump tcp port 80
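The tcpdump command will generate a large amount of output, so it is often helpful to write the output to a file or to pipe it to another command. Redirecting with > only saves the text summary that tcpdump prints; the -w option writes the raw packets in pcap format, which is what a packet analyzer reads. For example, to save the output of the tcpdump command to a file called tcpdump.pcap, you would type:
tcpdump -w tcpdump.pcap tcp port 80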
Once you have captured the network traffic, you can use a packet analyzer such as Wireshark to view the captured packets and identify any problems.
8. dmesg
The dmesg command displays the kernel ring buffer. This can be useful for debugging hardware problems and identifying kernel messages.
To use the dmesg command, simply type dmesg in a terminal window. This will display all of the messages that have been logged to the kernel ring buffer.
You can use the following options to filter the output of the dmesg command:
-H: Displays human-readable timestamps instead of kernel timestamps.
-T: Displays the time that each message was logged.
-k: Displays only kernel messages.
9. fsck
The fsck command checks and repairs file systems. This can be useful for troubleshooting file system corruption and recovering lost data.
To use the fsck command, type fsck followed by the name of the file system you want to check. For example, to check the ext4 file system on the root partition, you would type:
fsck /dev/sda1
The fsck command will scan the file system for errors and attempt to repair them. If the file system is corrupted beyond repair, the fsck command will prompt you to back up your data and reformat the file system.
10. fdisk
The fdisk command creates and manages disk partitions. This can be useful for troubleshooting disk problems and optimizing disk performance.
To use the fdisk command, type fdisk followed by the name of the disk you want to manage. For example, to manage the disk at /dev/sda, you would type:
fdisk /dev/sda
The fdisk command will display a list of all the partitions on the disk. You can use the following commands to create, delete, and modify partitions:
n: Creates a new partition.
d: Deletes a partition.
p: Prints the partition table.