strace -fto trace child process that's fork()ed.

strace -f跟踪已fork()编辑的子进程。

I can't see an easy way:

我看不到一个简单的方法：

You could use the -ffoption with -o filenameto produce multiple files (one per pid).

您可以使用-ffwith 选项-o filename生成多个文件（每个 pid 一个）。

eg:

例如：

strace -o process_dump -ff ./executable
grep clone process_dump*

that would help you see which parent created what. Maybe that would help you - at least then you could search backwards.

这将帮助您查看哪个父创建了什么。也许这会帮助你 - 至少你可以向后搜索。

There is a perl script called strace-graph. Here is a version from github. It is packaged with crosstool-ngversions of compilers. It works for me even used cross platform.

有一个名为strace-graph. 这是来自 github 的一个版本。它与编译器的crosstool-ng版本一起打包。它适用于我甚至使用跨平台。

ARM Linux box.

ARM Linux 盒子。

$ ./strace -f -q -s 100 -o app.trc -p 449
$ tftp -pr app.trc 172.0.0.133

X86_64 Linux box.

X86_64 Linux 盒子。

$ ./strace-graph /srv/tftp/app.trc 
 (anon)
  +-- touch /tmp/ppp.sleep
  +-- killall -HUP pppd
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 70%
  +-- amixer set Speaker 50%
  +-- amixer set Speaker 70%
  `-- amixer set Speaker 50%

The output can be used to help navigate the main trace log.

输出可用于帮助导航主跟踪日志。

To capture traffic for a single process you can use strace, as @stackmate suggested.

要捕获单个进程的流量，您可以使用strace，如@stackmate 建议的那样。

strace -f -e trace=network -s 10000 -p <PID>;

or output it to a file.

或输出到文件。

strace -f -e trace=network -s 10000 -o dumpfile -p <PID>

-ffor all forked process, -sfor string size to print, and -oto dump the output to a file.

-f对于所有分叉进程，-s要打印的字符串大小，以及-o将输出转储到文件。