Both strace and ltrace are powerful command-line debugging tools and troubleshooting programs for Linux: Strace captures and records all system calls made by a process as well as received signals while ltrace does the same for library calls.

If a program works differently than you expect, you can use these tools to see “behind the curtain” and maybe get some clues as to what’s going on.

Be warned, however. When you use any of these commands, you will eventually get a lot at the exit for review. However, this can tell you a lot about how a process works and sometimes give you important information.


To run strace against a program, use the command as shown below – the strace command followed by the program name. The exit below is interrupted.

$ strace who
execve(“/usr/bin/who”, [“who”], 0x7ffe889f45c0 /* 41 vars */) = 0
brk(NULL)                               = 0x55e7d6720000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fff38c72b20) = -1 EINVAL (Invalid argument)
access(“/etc/”, R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, “/etc/”, O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, “”, {st_mode=S_IFREG|0644, st_size=60195, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 60195, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd1ba4d7000

The command above executes WHO command and report on the system calls it makes. The beginning of each line (e.g. execve, mustache and arch_prctl) shows the system call made.

To run strace against a running process to see what it does, use the command with -p option followed by the process ID. note that the strace the output starts on the 3rd row below after the process is attached.

Copyright © 2022 IDG Communications, Inc.

Previous articleWhat do you see first in this optical illusion? Here’s what he says about you
Next articleAvian influenza has been confirmed in 2 flocks in the backyard of the Pacific Northwest