Sony Antony
Reputation: 346
strace does not show the complete write
Im trying to view the data being written to an HTTP socket using strace However, although I have given -e write=all, I still cannot see all the data being written
strace -o /tmp/capture.log -p <pid> -e trace=all -e write=all -e read=all -f -tt
..
29620 16:09:14.723120 write(1899, "POST /task/native.wsdl HTTP/1.1\r"..., 210) = 210
29620 16:09:14.723319 write(1899, "<soap:Envelope xmlns:soap=\"http:"..., 450) = 450
What is strange is that, it shows the complete data during some other writes to other sockets
31145 16:09:28.110571 write(359, "POST /task/native.wsdl HTTP/1.1\r"..., 210) = 210
| 00000 50 4f 53 54 20 2f 74 61 73 6b 2f 6e 61 74 69 76 POST /task/nativ |
| 00010 65 2e 77 73 64 6c 20 48 54 54 50 2f 31 2e 31 0d e.wsdl HTTP/1.1. |
| 00020 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 .Content-Type: t |
| 00030 65 78 74 2f 78 6d 6c 3b 20 63 68 61 72 73 65 74 ext/xml; charset |
| 00040 3d 55 54 46 2d 38 0d 0a 41 63 63 65 70 74 3a 20 =UTF-8..Accept: |
| 00050 2a 2f 2a 0d 0a 53 4f 41 50 41 63 74 69 6f 6e 3a */*..SOAPAction: |
| 00060 20 22 22 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a ""..User-Agent: |
| 00070 20 41 70 61 63 68 65 20 43 58 46 20 32 2e 37 2e Apache CXF 2.7. |
| 00080 31 31 0d 0a 48 6f 73 74 3a 20 65 73 2d 73 76 63 11..Host: es-svc |
| 00090 73 2e 69 74 2e 61 74 74 2e 63 6f 6d 3a 37 30 30 s.it.att.com:700 |
| 000a0 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 3..Connection: K |
| 000b0 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 eep-Alive..Conte |
| 000c0 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 35 30 0d 0a nt-Length: 450.. |
| 000d0 0d 0a .. |
Can somebody please explain. Is it possible to get data from all writes
Upvotes: 4
Views: 2762
Answers (1)
Timothy Copeland
Reputation: 126
The strace -e write=a,b flag shows write syscalls for file descriptors numbered from a to b, and -e write=all shows write syscalls to all file descriptors.
What you're looking for is -e abbrev=none; see the manpage:
-e abbrev=set
Abbreviate the output from printing each member of large structures.
The default is abbrev=all. The -v option has the effect of abbrev=none.
Upvotes: 2
Related Questions
- strace/ltrace outputs inconsistent info
- Recoding Strace, why I can't catch the "write syscall ?"
- Why does running `strace echo "hello world" | grep write` show the full strace output?
- print the output of strace command in a text file
- strace output problems solve
- strace on Linux not logging all calls to open()
- Visualising strace output
- Why strace -f can't trace the child progress after |?
- Why don't I see memory addresses in this call to `writev`?
- Why doesn't strace catch all file accesses?