firewall:/root # strace ping vmware.ducktales.net execve("/bin/ping", ["ping", "vmware.ducktales.net"], [/* 24 vars */]) = 0 brk(0) = 0x574b3000 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55595000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=22920, ...}) = 0 mmap2(NULL, 22920, PROT_READ, MAP_PRIVATE, 3, 0) = 0x55596000 close(3) = 0 open("/lib/libresolv.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p&\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=86016, ...}) = 0 mmap2(NULL, 88136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5559c000 fadvise64(3, 0, 88136, POSIX_FADV_WILLNEED) = 0 mmap2(0x555ae000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x555ae000 mmap2(0x555b0000, 6216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x555b0000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@m\1\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1637686, ...}) = 0 mmap2(NULL, 1444168, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x555b2000 fadvise64(3, 0, 1444168, POSIX_FADV_WILLNEED) = 0 mmap2(0x5570d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15b) = 0x5570d000 mmap2(0x55710000, 10568, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x55710000 close(3) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55713000 set_thread_area({entry_number:-1 -> 12, base_addr:0x557136c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 mprotect(0x5570d000, 8192, PROT_READ) = 0 mprotect(0x555ae000, 4096, PROT_READ) = 0 mprotect(0x5555e000, 4096, PROT_READ) = 0 mprotect(0x55592000, 4096, PROT_READ) = 0 munmap(0x55596000, 22920) = 0 socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3 getuid32() = 0 setuid32(0) = 0 rt_sigaction(SIGINT, {0x55556e80, [], SA_INTERRUPT}, NULL, 8) = 0 brk(0) = 0x574b3000 brk(0x574d4000) = 0x574d4000 getpid() = 18544 open("/etc/resolv.conf", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=21, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55596000 read(4, "nameserver 127.0.0.1\n", 4096) = 21 read(4, "", 4096) = 0 close(4) = 0 munmap(0x55596000, 4096) = 0 uname({sys="Linux", node="firewall.ducktales.net", ...}) = 0 time(NULL) = 1309981494 stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=21, ...}) = 0 open("/etc/resolv.conf", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=21, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55596000 read(4, "nameserver 127.0.0.1\n", 4096) = 21 read(4, "", 4096) = 0 close(4) = 0 munmap(0x55596000, 4096) = 0 socket(PF_FILE, 0x80801 /* SOCK_??? */, 0) = 4 connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(4) = 0 socket(PF_FILE, 0x80801 /* SOCK_??? */, 0) = 4 connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(4) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=1192, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55596000 read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1192 read(4, "", 4096) = 0 close(4) = 0 munmap(0x55596000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=22920, ...}) = 0 mmap2(NULL, 22920, PROT_READ, MAP_PRIVATE, 4, 0) = 0x55596000 close(4) = 0 open("/lib/libnss_files.so.2", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\32\0\0004\0\0\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=54170, ...}) = 0 mmap2(NULL, 49868, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x55714000 fadvise64(4, 0, 49868, POSIX_FADV_WILLNEED) = 0 mmap2(0x5571f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa) = 0x5571f000 close(4) = 0 mprotect(0x5571f000, 4096, PROT_READ) = 0 munmap(0x55596000, 22920) = 0 open("/etc/host.conf", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=369, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55596000 read(4, "#\n# /etc/host.conf - resolver co"..., 4096) = 369 read(4, "", 4096) = 0 close(4) = 0 munmap(0x55596000, 4096) = 0 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4 fcntl64(4, F_GETFD) = 0x1 (flags FD_CLOEXEC) fstat64(4, {st_mode=S_IFREG|0644, st_size=1322, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55596000 read(4, "127.0.0.1\tdb_host.local\n198.19.2"..., 4096) = 1322 read(4, "", 4096) = 0 close(4) = 0 munmap(0x55596000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=22920, ...}) = 0 mmap2(NULL, 22920, PROT_READ, MAP_PRIVATE, 4, 0) = 0x55596000 close(4) = 0 open("/lib/libnss_dns.so.2", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \f\0\0004\0\0\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=25377, ...}) = 0 mmap2(NULL, 24708, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x55721000 fadvise64(4, 0, 24708, POSIX_FADV_WILLNEED) = 0 mmap2(0x55726000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x4) = 0x55726000 close(4) = 0 mprotect(0x55726000, 4096, PROT_READ) = 0 munmap(0x55596000, 22920) = 0 time(NULL) = 1309981494 socket(PF_INET, 0x802 /* SOCK_??? */, IPPROTO_IP) = 4 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0 gettimeofday({1309981494, 349067}, NULL) = 0 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}]) send(4, " \342\1\0\0\1\0\0\0\0\0\0\6vmware\tducktales\3ne"..., 38, MSG_NOSIGNAL) = 38 poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}]) ioctl(4, FIONREAD, [84]) = 0 recvfrom(4, " \342\201\200\0\1\0\1\0\1\0\0\6vmware\tducktales\3ne"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 84 close(4) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 connect(4, {sa_family=AF_INET, sin_port=htons(1025), sin_addr=inet_addr("10.10.10.80")}, 16) = 0 getsockname(4, {sa_family=AF_INET, sin_port=htons(25925), sin_addr=inet_addr("10.10.10.1")}, [16]) = 0 close(4) = 0 setsockopt(3, SOL_RAW, ICMP_FILTER, ~(ICMP_ECHOREPLY|ICMP_DEST_UNREACH|ICMP_SOURCE_QUENCH|ICMP_REDIRECT|ICMP_TIME_EXCEEDED|ICMP_PARAMETERPROB), 4) = 0 setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0 setsockopt(3, SOL_SOCKET, SO_SNDBUF, [324], 4) = 0 setsockopt(3, SOL_SOCKET, SO_RCVBUF, [65536], 4) = 0 getsockopt(3, SOL_SOCKET, SO_RCVBUF, [131072], [4]) = 0 fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55596000 write(1, "PING vmware.ducktales.net (10.10"..., 62PING vmware.ducktales.net (10.10.10.80) 56(84) bytes of data. ) = 62 setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0 setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\1\0\0\0\0\0\0\0", 8) = 0 setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "\1\0\0\0\0\0\0\0", 8) = 0 rt_sigaction(SIGINT, {0x55559740, [], SA_INTERRUPT}, NULL, 8) = 0 rt_sigaction(SIGALRM, {0x55559740, [], SA_INTERRUPT}, NULL, 8) = 0 rt_sigaction(SIGQUIT, {0x55559760, [], SA_INTERRUPT}, NULL, 8) = 0 gettimeofday({1309981494, 349917}, NULL) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, TIOCGWINSZ, {ws_row=59, ws_col=194, ws_xpixel=0, ws_ypixel=0}) = 0 gettimeofday({1309981494, 349978}, NULL) = 0 gettimeofday({1309981494, 350026}, NULL) = 0 sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"\10\0\2SpH\0\0016\273\24NJW\5\0\10\t\n\v\f\r\16\17\20\21\22\23\24\25\26\27"..., 64}], msg_controllen=0, msg_flags=0}, 0) = 64 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"E\0\0Tz\215@\0@\1\227\267\n\n\nP\n\n\n\1\0\0\nSpH\0\0016\273\24N"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, 0) = 84 time(NULL) = 1309981494 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=1322, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55597000 read(4, "127.0.0.1\tdb_host.local\n198.19.2"..., 4096) = 1322 read(4, "", 4096) = 0 close(4) = 0 munmap(0x55597000, 4096) = 0 time(NULL) = 1309981494 socket(PF_INET, 0x802 /* SOCK_??? */, IPPROTO_IP) = 4 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0 gettimeofday({1309981494, 350726}, NULL) = 0 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}]) send(4, "\1\333\1\0\0\1\0\0\0\0\0\0\00280\00210\00210\00210\7in-addr"..., 42, MSG_NOSIGNAL) = 42 poll([{fd=4, events=POLLIN}], 1, 5000) = 0 (Timeout) gettimeofday({1309981499, 356223}, NULL) = 0 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}]) send(4, "\1\333\1\0\0\1\0\0\0\0\0\0\00280\00210\00210\00210\7in-addr"..., 42, MSG_NOSIGNAL) = 42 poll([{fd=4, events=POLLIN}], 1, 5000) = 0 (Timeout) close(4) = 0 write(1, "64 bytes from 10.10.10.80: icmp_"..., 5964 bytes from 10.10.10.80: icmp_seq=1 ttl=64 time=0.267 ms ) = 59 gettimeofday({1309981504, 361131}, NULL) = 0 gettimeofday({1309981504, 361148}, NULL) = 0 sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"\10\0\206&pH\0\2@\273\24N\274\202\5\0\10\t\n\v\f\r\16\17\20\21\22\23\24\25\26\27"..., 64}], msg_controllen=0, msg_flags=0}, MSG_CONFIRM) = 64 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("213.20.153.73")}, msg_iov(1)=[{"E\0\0T\0\0@\0\375\1\t6\325\24\231I\n\n\374\n\0\0\372\365(\271\0A\2\0\0\0"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, 0) = 84 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, "\10\0\0\0\200\361UU", 8) = 0 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("213.198.72.237")}, msg_iov(1)=[{"E\0\0T\0\0@\0\372\1\\\340\325\306H\355\n\n\373\n\0\0\373\365(\271\0A\1\0\0\0"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, MSG_DONTWAIT) = 84 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("88.202.127.98")}, msg_iov(1)=[{"E\0\0T~A@\0=\1\330CX\312\177b_\322\257%\0\0\371\363(\271\0C\3\0\0\0"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, MSG_DONTWAIT) = 84 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("88.202.127.98")}, msg_iov(1)=[{"E\0\0T~X@\0=\1\330,X\312\177b_\322\257%\0\0\371\363(\271\0C\3\0\0\0"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, MSG_DONTWAIT) = 84 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("88.202.127.98")}, msg_iov(1)=[{"E\0\0T~o@\0=\1\330\25X\312\177b_\322\257%\0\0\371\363(\271\0C\3\0\0\0"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, MSG_DONTWAIT) = 84 recvmsg(3, 0xffe7be24, MSG_DONTWAIT) = -1 EAGAIN (Resource temporarily unavailable) gettimeofday({1309981504, 361507}, NULL) = 0 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"E\0\0T{\22@\0@\1\2272\n\n\nP\n\n\n\1\0\0\216&pH\0\2@\273\24N"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, 0) = 84 write(1, "64 bytes from 10.10.10.80: icmp_"..., 5964 bytes from 10.10.10.80: icmp_seq=2 ttl=64 time=0.823 ms ) = 59 gettimeofday({1309981504, 362260}, NULL) = 0 poll([{fd=3, events=POLLIN|POLLERR}], 1, 999) = 0 (Timeout) gettimeofday({1309981505, 361798}, NULL) = 0 gettimeofday({1309981505, 361818}, NULL) = 0 sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"\10\0\347\"pH\0\3A\273\24NZ\205\5\0\10\t\n\v\f\r\16\17\20\21\22\23\24\25\26\27"..., 64}], msg_controllen=0, msg_flags=0}, MSG_CONFIRM) = 64 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"E\0\0T{$@\0@\1\227 \n\n\nP\n\n\n\1\0\0\357\"pH\0\3A\273\24N"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, 0) = 84 write(1, "64 bytes from 10.10.10.80: icmp_"..., 5964 bytes from 10.10.10.80: icmp_seq=3 ttl=64 time=0.329 ms ) = 59 gettimeofday({1309981505, 362434}, NULL) = 0 recvmsg(3, 0xffe7be24, 0) = -1 EAGAIN (Resource temporarily unavailable) gettimeofday({1309981506, 362815}, NULL) = 0 gettimeofday({1309981506, 362834}, NULL) = 0 sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"\10\0\356\35pH\0\4B\273\24NR\211\5\0\10\t\n\v\f\r\16\17\20\21\22\23\24\25\26\27"..., 64}], msg_controllen=0, msg_flags=0}, MSG_CONFIRM) = 64 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.10.10.80")}, msg_iov(1)=[{"E\0\0T{'@\0@\1\227\35\n\n\nP\n\n\n\1\0\0\366\35pH\0\4B\273\24N"..., 192}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, 0) = 84 write(1, "64 bytes from 10.10.10.80: icmp_"..., 5964 bytes from 10.10.10.80: icmp_seq=4 ttl=64 time=0.391 ms ) = 59 gettimeofday({1309981506, 363380}, NULL) = 0 recvmsg(3, ^C firewall:/root #