Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
11433 execve("/bin/ping", ["ping", "google.com"], [/* 14 vars */]) = 0
11433 brk(NULL) = 0xc9b000
11433 fcntl(0, F_GETFD) = 0
11433 fcntl(1, F_GETFD) = 0
11433 fcntl(2, F_GETFD) = 0
11433 access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory)
11433 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11433 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
11433 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
11433 fstat(3, {st_mode=S_IFREG|0644, st_size=33275, ...}) = 0
11433 mmap(NULL, 33275, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f67ef1a0000
11433 close(3) = 0
11433 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11433 open("/lib/x86_64-linux-gnu/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
11433 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\30\0\0\0\0\0\0"..., 832) = 832
11433 fstat(3, {st_mode=S_IFREG|0644, st_size=23128, ...}) = 0
11433 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f67ef190000
11433 mmap(NULL, 2118192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f67eebf0000
11433 mprotect(0x7f67eebf4000, 2097152, PROT_NONE) = 0
11433 mmap(0x7f67eedf4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f67eedf4000
11433 close(3) = 0
11433 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11433 open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
11433 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
11433 fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
11433 mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f67ee820000
11433 mprotect(0x7f67ee9e0000, 2097152, PROT_NONE) = 0
11433 mmap(0x7f67eebe0000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7f67eebe0000
11433 mmap(0x7f67eebe6000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f67eebe6000
11433 close(3) = 0
11433 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f67ef180000
11433 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f67ef170000
11433 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f67ef160000
11433 arch_prctl(ARCH_SET_FS, 0x7f67ef170700) = 0
11433 mprotect(0x7f67eebe0000, 16384, PROT_READ) = 0
11433 mprotect(0x7f67eedf4000, 4096, PROT_READ) = 0
11433 mprotect(0x609000, 4096, PROT_READ) = 0
11433 mprotect(0x7f67ef025000, 4096, PROT_READ) = 0
11433 munmap(0x7f67ef1a0000, 33275) = 0
11433 brk(NULL) = 0xc9b000
11433 brk(0xcbc000) = 0xcbc000
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = -1 EFAULT (Bad address)
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND, 0}) = 0
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = -1 EFAULT (Bad address)
11433 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {0, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0
11433 prctl(PR_SET_KEEPCAPS, 1) = 0
11433 getuid() = 0
11433 setuid(0) = 0
11433 prctl(PR_SET_KEEPCAPS, 0) = 0
11433 getuid() = 0
11433 geteuid() = 0
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = -1 EFAULT (Bad address)
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, {0, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0
11433 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_NET_RAW, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0
11433 socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = -1 EFAULT (Bad address)
11433 capget({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_NET_RAW, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0
11433 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {0, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0
11433 getpid() = 11433
11433 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=259, ...}) = 0
11433 read(4, "# This file was automatically ge"..., 512) = 259
11433 read(4, "", 512) = 0
11433 close(4) = 0
11433 stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=259, ...}) = 0
11433 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=259, ...}) = 0
11433 read(4, "# This file was automatically ge"..., 512) = 259
11433 read(4, "", 512) = 0
11433 close(4) = 0
11433 socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
11433 connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
11433 close(4) = 0
11433 socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
11433 connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
11433 close(4) = 0
11433 open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=497, ...}) = 0
11433 read(4, "# /etc/nsswitch.conf\n#\n# Example"..., 512) = 497
11433 read(4, "", 512) = 0
11433 close(4) = 0
11433 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=33275, ...}) = 0
11433 mmap(NULL, 33275, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f67ef1a0000
11433 close(4) = 0
11433 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11433 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
11433 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260!\0\0\0\0\0\0"..., 832) = 832
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=47600, ...}) = 0
11433 mmap(NULL, 2168600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f67ee600000
11433 mprotect(0x7f67ee60b000, 2093056, PROT_NONE) = 0
11433 mmap(0x7f67ee80a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa000) = 0x7f67ee80a000
11433 mmap(0x7f67ee80c000, 22296, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f67ee80c000
11433 close(4) = 0
11433 mprotect(0x7f67ee80a000, 4096, PROT_READ) = 0
11433 munmap(0x7f67ef1a0000, 33275) = 0
11433 open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=92, ...}) = 0
11433 read(4, "# The \"order\" line is only used "..., 512) = 92
11433 read(4, "", 512) = 0
11433 close(4) = 0
11433 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=423, ...}) = 0
11433 read(4, "# This file is automatically gen"..., 512) = 423
11433 read(4, "", 512) = 0
11433 close(4) = 0
11433 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=33275, ...}) = 0
11433 mmap(NULL, 33275, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f67ef1a0000
11433 close(4) = 0
11433 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11433 open("/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 4
11433 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\17\0\0\0\0\0\0"..., 832) = 832
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=27000, ...}) = 0
11433 mmap(NULL, 2121944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f67ee3f0000
11433 mprotect(0x7f67ee3f5000, 2097152, PROT_NONE) = 0
11433 mmap(0x7f67ee5f5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x5000) = 0x7f67ee5f5000
11433 close(4) = 0
11433 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11433 open("/lib/x86_64-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 4
11433 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P9\0\0\0\0\0\0"..., 832) = 832
11433 fstat(4, {st_mode=S_IFREG|0644, st_size=101200, ...}) = 0
11433 mmap(NULL, 2206280, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f67ee1d0000
11433 mprotect(0x7f67ee1e7000, 2097152, PROT_NONE) = 0
11433 mmap(0x7f67ee3e7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x17000) = 0x7f67ee3e7000
11433 mmap(0x7f67ee3e9000, 6728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f67ee3e9000
11433 close(4) = 0
11433 mprotect(0x7f67ee3e7000, 4096, PROT_READ) = 0
11433 mprotect(0x7f67ee5f5000, 4096, PROT_READ) = 0
11433 munmap(0x7f67ef1a0000, 33275) = 0
11433 stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=259, ...}) = 0
11433 socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
11433 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("172.1.2.3")}, 16) = 0
11433 gettimeofday({1517207029, 805941}, NULL) = 0
11433 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
11433 sendto(4, "~|\1\0\0\1\0\0\0\0\0\0\6google\3com\0\0\1\0\1", 28, MSG_NOSIGNAL, NULL, 0) = 28
11433 poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
11433 ioctl(4, FIONREAD, [28]) = 0
11433 recvfrom(4, "~|\201\3\0\1\0\0\0\0\0\0\6google\3com\0\0\1\0\1", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("172.1.2.3")}, [16]) = 28
11433 close(4) = 0
11433 socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
11433 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("172.1.2.3")}, 16) = 0
11433 gettimeofday({1517207029, 807021}, NULL) = 0
11433 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
11433 sendto(4, "\333\17\1\0\0\1\0\0\0\0\0\0\6google\3com\10example"..., 41, MSG_NOSIGNAL, NULL, 0) = 41
11433 poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
11433 ioctl(4, FIONREAD, [144]) = 0
11433 recvfrom(4, "\333\17\205\203\0\1\0\0\0\1\0\0\6google\3com\10example"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("172.1.2.3")}, [16]) = 144
11433 close(4) = 0
11433 write(2, "ping: unknown host google.com\n", 30) = 30
11433 exit_group(2) = ?
11433 +++ exited with 2 +++
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.