rwsnoop - snoop read/write events. Uses DTrace.
rwsnoop [-jPtvZ] [-n name] [-p PID]
This is measuring reads and writes at the application level. This matches the syscalls read, write, pread and pwrite.
Since this uses DTrace, only users with root privileges can run this command.
See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with verbose descriptions explaining the output.
rwsnoop will run forever until Ctrl-C is hit.
Brendan Gregg [Sydney, Australia]
|July 24, 2005||version 0.70|