u/Classic_Impression22

Made an eBPF syscall tracer with a live TUI
r/redteamsec (+2 crossposts)

Built snoop - like strace but uses eBPF so your process doesn't slow down. Has a real-time TUI with search, filters, and a top-syscalls panel. Or just --raw for classic strace-style output.

Decodes arguments for 60+ syscalls into stuff you can actually read. Also does TLS decryption, record/replay, and trace diffing.

Rust, no kernel modules, no C toolchain. Needs Linux 5.8+ and root.

Open source. Link in comments, drop a star if it's useful.
