explaingit

iovisor/bcc

📈 Trending · 22,407 · C · Audience · ops devops · Complexity · 4/5 · Active · License · Setup · hard

TLDR

A toolkit for writing small programs that run inside the Linux kernel to observe system behavior in real time without rebooting or risking crashes.

Mindmap

mindmap
  root((BCC))
    What it does
      Monitor kernel activity
      Diagnose performance issues
      Observe file and network access
    How it works
      eBPF technology
      Attach to kernel points
      Real-time visibility
    Use cases
      Debug latency problems
      Track system resource usage
      Investigate unexpected behavior
    Tech stack
      C kernel code
      Python scripting
      Lua scripting
    Audience
      Systems engineers
      Performance analysts
      Linux operators

Things people build with this

USE CASE 1

Diagnose why a Linux server is slow by tracing which kernel functions consume the most CPU time.

USE CASE 2

Track which processes are opening files and accessing the disk to identify unexpected I/O patterns.

USE CASE 3

Monitor network connections in real time to see where traffic is going without installing agents.

USE CASE 4

Investigate performance regressions on production servers without restarting or modifying the kernel.

Tech stack

C · Python · Lua · eBPF · Linux kernel

Getting it running

Difficulty · hard · Time to first run · 1h+

Requires a Linux kernel with eBPF support, specific kernel headers, and the LLVM/Clang toolchain; it cannot run on non-Linux systems.

Apache 2.0 license allows free use for any purpose, including commercial, as long as you include a copy of the license and state any significant changes made.

In plain English

BCC (BPF Compiler Collection) is a toolkit for Linux that lets you write small programs that run safely inside the operating system kernel to observe what the system is doing in real time. The technology it builds on is called eBPF (extended Berkeley Packet Filter), a feature of modern Linux that lets you attach custom monitoring code to specific points in the kernel without modifying or rebooting the system and without risking crashes.

In practical terms, BCC makes it possible to answer deep diagnostic questions about a running Linux server: Which processes are opening which files? What is causing disk I/O latency? How much CPU time is spent in which kernel functions? Where are network connections going? You write a small program, run it, and get immediate visibility into system internals that would otherwise require kernel expertise or specialized hardware.

BCC is mainly used by systems engineers and performance analysts who are investigating performance problems or unexpected behavior on Linux servers. It includes dozens of ready-made tools you can run directly, plus a framework for writing your own. The toolkit is written in C at the kernel level, with Python and Lua available as the front-end scripting languages for writing analysis programs. It requires Linux 4.1 or above.

Copy-paste prompts

Prompt 1
Show me how to use BCC to trace which processes are opening files on my Linux system and how often.
Prompt 2
I have high disk latency on my server. How would I use BCC tools to find out which kernel functions are causing the slowdown?
Prompt 3
Write a BCC program in Python that counts how many times each system call is made by a specific process.
Prompt 4
How do I use BCC to monitor network connections and see which processes are making outbound connections?
Prompt 5
Explain how to install BCC on Ubuntu and run one of the built-in tools to profile CPU usage by kernel function.

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.