In this example, we use the ls command to list a file. Because the ls program is the child of its local shell, we need to trace the shell from which the ll (ls -al alias) command is executed. Two shell windows are required to perform this test.

1. Window one: Determine the pseudo terminal and PID of shell by tying in echo $$. In my case it was 12310

   

2. Window two: Start trace of shell process with this command: strace -o /tmp/ll.strace -f -p 12310 just make sure you use your own PID here.

   

3. Go back to window one and type in 11 or any commands for that matter. You can look at the strace output on window two. The trace shows the fork() and execve() calls.