
dtruss with wireshark

a guest Jul 30th, 2012 52 Never
  1. $dtruss -f -t open wireshark
  2. dtrace: failed to initialize dtrace: DTrace requires additional privileges
  3. $sudo dtruss -f -t open wireshark
  4.         PID/THRD  SYSCALL(args)                  = return
  5.  2015/0x6a4e:  open("/dev/tty\0", 0x6, 0x1)              = 3 0
  6.  2015/0x6a4e:  open("/usr/local/bin/wireshark\0", 0x0, 0x0)              = 3 0
  7.  2015/0x6a4e:  open("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x0, 0x0)          = 3 0
  8.  2015/0x6a4e:  open("/dev/dtracehelper\0", 0x2, 0x7FFF5FC45348)          = 3 0
  9.  2015/0x6a4e:  open("/dev/dtracehelper\0", 0x2, 0x7FFF5FC45410)          = 3 0
  10.  2016/0x6a51:  fork()            = 0 0
  11.  2016/0x6a51:  open("/dev/dtracehelper\0", 0x2, 0x7FFF5FC45130)          = 3 0
  12.  
  13. $sudo dtruss -f wireshark
  14.         PID/THRD  SYSCALL(args)                  = return
  15.  2032/0x6a77:  getpid(0x7FFF5FBFF720, 0x7FFFFFE00050, 0x0)               = 2032 0
  16.  2032/0x6a77:  open_nocancel("/dev/urandom\0", 0x0, 0x0)                 = 3 0
  17.  2032/0x6a77:  read_nocancel(0x3, "\376\247\200\267\247gJ\374~\354\311\373W\003\215\240w\253\213F\212z\345\017\303*_\210\flah\003Moz\221\311:\030\341\177\0", 0x6C)              = 108 0
  18.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  19.  2032/0x6a77:  issetugid(0x100000000, 0x7FFF5FBFF9DD, 0x7FFF5FC40530)            = 0 0
  20.  2032/0x6a77:  geteuid(0x100000000, 0x7FFF5FBFF9DD, 0x0)                 = 0 0
  21.  2032/0x6a77:  __sysctl(0x7FFF5FBFD610, 0x2, 0x7FFF5FBFD5D0)             = 0 0
  22.  2032/0x6a77:  __sysctl(0x7FFF5FBFD5D0, 0x2, 0x7FFF5FBFD66C)             = 0 0
  23.  2032/0x6a77:  shared_region_check_np(0x7FFF5FBFD7D8, 0x0, 0x7FFF5FC1DC86)               = 0 0
  24.  2032/0x6a77:  stat64("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x7FFF5FBFCBE0, 0x7FFF5FBFD220)          = 0 0
  25.  2032/0x6a77:  open("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x0, 0x0)          = 3 0
  26.  2032/0x6a77:  pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)             = 4096 0
  27.  2032/0x6a77:  pread(0x3, "\317\372\355\376\a\0", 0x1000, 0x1000)                = 4096 0
  28.  2032/0x6a77:  mmap(0x1000B6000, 0x2000, 0x5, 0x12, 0x3, 0x7FFF00000001)                 = 0xB6000 0
  29.  2032/0x6a77:  mmap(0x1000B8000, 0x1000, 0x3, 0x12, 0x3, 0x7FFF00000001)                 = 0xB8000 0
  30.  2032/0x6a77:  mmap(0x1000B9000, 0x1F10, 0x1, 0x12, 0x3, 0x7FFF00000001)                 = 0xB9000 0
  31.  2032/0x6a77:  close(0x3)                = 0 0
  32.  2032/0x6a77:  stat64("/usr/lib/libncurses.5.4.dylib\0", 0x7FFF5FBFC960, 0x7FFF5FBFCFA0)                 = 0 0
  33.  2032/0x6a77:  stat64("/usr/lib/libiconv.2.dylib\0", 0x7FFF5FBFC960, 0x7FFF5FBFCFA0)             = 0 0
  34.  2032/0x6a77:  stat64("/usr/lib/libSystem.B.dylib\0", 0x7FFF5FBFC960, 0x7FFF5FBFCFA0)            = 0 0
  35.  2032/0x6a77:  stat64("/usr/lib/system/libmathCommon.A.dylib\0", 0x7FFF5FBFC6C0, 0x7FFF5FBFCD00)                 = 0 0
  36.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF740)             = 0x0 0
  37.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF730, 0x0)             = 0 0
  38.  2032/0x6a77:  open("/dev/tty\0", 0x6, 0x1)              = 3 0
  39.  2032/0x6a77:  close(0x3)                = 0 0
  40.  2032/0x6a77:  getrlimit(0x1008, 0x7FFF5FBFF0C0, 0x7FFF897CD2EC)                 = 0 0
  41.  2032/0x6a77:  open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE\0", 0x0, 0x1B6)           = 3 0
  42.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFF090, 0x7FFF5FBFF15C)              = 0 0
  43.  2032/0x6a77:  mmap(0x0, 0x1000000, 0x3, 0x1002, 0x2000000, 0x7FFF00000000)              = 0x400000 0
  44.  2032/0x6a77:  munmap(0x100400000, 0x400000)             = 0 0
  45.  2032/0x6a77:  munmap(0x101000000, 0x400000)             = 0 0
  46.  2032/0x6a77:  read_nocancel(0x3, "1.1A\n\0", 0x1000)            = 2086 0
  47.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  48.  2032/0x6a77:  open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE\0", 0x0, 0x1B6)             = 3 0
  49.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFF170, 0x0)                 = 0 0
  50.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFEF50, 0x7FFF5FBFF01C)              = 0 0
  51.  2032/0x6a77:  lseek(0x3, 0x0, 0x1)              = 0 0
  52.  2032/0x6a77:  lseek(0x3, 0x0, 0x0)              = 0 0
  53.  2032/0x6a77:  read_nocancel(0x3, "RuneMagAUTF-8\0", 0x1000)             = 4096 0
  54.  2032/0x6a77:  read_nocancel(0x3, "\0", 0x1000)          = 4096 0
  55.  2032/0x6a77:  read_nocancel(0x3, "\0", 0x1000)          = 4096 0
  56.  2032/0x6a77:  read_nocancel(0x3, "\0", 0x1000)          = 4096 0
  57.  2032/0x6a77:  read_nocancel(0x3, "\0", 0x1000)          = 4096 0
  58.  2032/0x6a77:  read_nocancel(0x3, "\0", 0x1000)          = 4096 0
  59.  2032/0x6a77:  read_nocancel(0x3, "@\004\211\0", 0xDB70)                 = 56176 0
  60.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  61.  2032/0x6a77:  open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY\0", 0x0, 0x7FFF5FBFF23A)                 = 3 0
  62.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFF180, 0x0)                 = 0 0
  63.  2032/0x6a77:  read_nocancel(0x3, "USD \n$\n.\n,\n3;3\n\n-\n2\n2\n1\n0\n1\n0\n1\n1\n\b\0", 0x22)                 = 34 0
  64.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  65.  2032/0x6a77:  open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC\0", 0x0, 0x7FFF5FBFF249)          = 3 0
  66.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFF190, 0x0)                 = 0 0
  67.  2032/0x6a77:  read_nocancel(0x3, ".\n,\n3;3\n@$\b\0", 0x8)              = 8 0
  68.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  69.  2032/0x6a77:  open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME\0", 0x0, 0x7FFF5FBFF246)             = 3 0
  70.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFF190, 0x0)                 = 0 0
  71.  2032/0x6a77:  read_nocancel(0x3, "Jan\nFeb\nMar\nApr\nMay\nJun\nJul\nAug\nSep\nOct\nNov\nDec\nJanuary\nFebruary\nMarch\nApril\nMay\nJune\nJuly\nAugust\nSeptember\nOctober\nNovember\nDecember\nSun\nMon\nTue\nWed\nThu\nFri\nSat\nSunday\nMonday\nTuesday\nWednesday\nThursday\nFriday\nSaturday\n%H:%M:%S\n%m/%d/%Y\n%a %b %e %X %Y\nAM\nP", 0x179)   = 377 0
  72.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  73.  2032/0x6a77:  open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES\0", 0x0, 0x7FFF5FBFF256)             = 3 0
  74.  2032/0x6a77:  fstat64(0x3, 0x7FFF5FBFF190, 0x0)                 = 0 0
  75.  2032/0x6a77:  read_nocancel(0x3, "^[yYsS].*\n^[nN].*\n(\0", 0x12)               = 18 0
  76.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  77.  2032/0x6a77:  getuid(0x1001005E5, 0x100071063, 0x0)             = 0 0
  78.  2032/0x6a77:  getgid(0x0, 0x100071063, 0x0)             = 0 0
  79.  2032/0x6a77:  geteuid(0x0, 0x100071063, 0x0)            = 0 0
  80.  2032/0x6a77:  getegid(0x0, 0x100071063, 0x0)            = 0 0
  81.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF740)             = 0x0 0
  82.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF730, 0x0)             = 0 0
  83.  2032/0x6a77:  fstat64(0x2, 0x7FFF5FBFF640, 0x7FFF5FBFF71C)              = 0 0
  84.  2032/0x6a77:  fstat64(0x1, 0x7FFF5FBFF640, 0x7FFF5FBFF71C)              = 0 0
  85.  2032/0x6a77:  sigaction(0x14, 0x7FFF5FBFF6E0, 0x7FFF5FBFF710)           = 0 0
  86.  2032/0x6a77:  sigaction(0x14, 0x7FFF5FBFF6E0, 0x7FFF5FBFF710)           = 0 0
  87.  2032/0x6a77:  sigaction(0x2, 0x7FFF5FBFF6E0, 0x7FFF5FBFF710)            = 0 0
  88.  2032/0x6a77:  sigaction(0x2, 0x7FFF5FBFF6E0, 0x7FFF5FBFF710)            = 0 0
  89.  2032/0x6a77:  sigaction(0x3, 0x7FFF5FBFF6E0, 0x7FFF5FBFF710)            = 0 0
  90.  2032/0x6a77:  sigaction(0x3, 0x7FFF5FBFF6E0, 0x7FFF5FBFF710)            = 0 0
  91.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x1000A69F8)                = 0x0 0
  92.  2032/0x6a77:  sigaction(0x3, 0x7FFF5FBFF690, 0x7FFF5FBFF720)            = 0 0
  93.  2032/0x6a77:  __sysctl(0x7FFF5FBFF610, 0x2, 0x7FFF5FBFF620)             = 0 0
  94.  2032/0x6a77:  stat64("/Users/asimmons/Development/RosettaReader/trunk\0", 0x7FFF5FBFF5F0, 0x0)          = 0 0
  95.  2032/0x6a77:  stat64(".\0", 0x7FFF5FBFF560, 0x0)                = 0 0
  96.  2032/0x6a77:  getppid(0x1000BC000, 0x100100000, 0xFC080)                = 2019 0
  97.  2032/0x6a77:  getpgrp(0x0, 0x10010307, 0x0)             = 2017 0
  98.  2032/0x6a77:  sigaction(0x14, 0x7FFF5FBFF6D0, 0x7FFF5FBFF700)           = 0 0
  99.  2032/0x6a77:  getrlimit(0x1007, 0x7FFF5FBFF6C0, 0x7FFF897CD2EC)                 = 0 0
  100.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF740)             = 0x0 0
  101.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF730, 0x0)             = 0 0
  102.  2032/0x6a77:  open("/usr/local/bin/wireshark\0", 0x0, 0x0)              = 3 0
  103.  2032/0x6a77:  ioctl(0x3, 0x4004667A, 0x7FFF5FBFF5BC)            = -1 Err#25
  104.  2032/0x6a77:  ioctl(0x3, 0x40487413, 0x7FFF5FBFF5C0)            = -1 Err#25
  105.  2032/0x6a77:  lseek(0x3, 0x0, 0x1)              = 0 0
  106.  2032/0x6a77:  read(0x3, "#!/bin/sh\n#\n# $Id: utility-launcher 26612 2008-10-28 21:53:39Z stig $\n#\n# Wiresh@\004\b\0", 0x50)          = 80 0
  107.  2032/0x6a77:  lseek(0x3, 0x0, 0x0)              = 0 0
  108.  2032/0x6a77:  getdtablesize(0x3, 0x0, 0xFFFFFFFF)               = 256 0
  109.  2032/0x6a77:  dup2(0x3, 0xFF, 0x100)            = 255 0
  110.  2032/0x6a77:  close(0x3)                = 0 0
  111.  2032/0x6a77:  fcntl(0xFF, 0x2, 0x1)             = 0 0
  112.  2032/0x6a77:  fcntl(0xFF, 0x3, 0x0)             = 0 0
  113.  2032/0x6a77:  fstat64(0xFF, 0x7FFF5FBFF670, 0x0)                = 0 0
  114.  2032/0x6a77:  lseek(0xFF, 0x0, 0x1)             = 0 0
  115.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  116.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  117.  2032/0x6a77:  read(0xFF, "#!/bin/sh\n#\n# $Id: utility-launcher 26612 2008-10-28 21:53:39Z stig $\n#\n# Wireshark CLI utility launcher\n\nif [ -z \"$WIRESHARK_APP_DIR\" ] ; then\n\tWIRESHARK_APP_DIR=\"/Applications/Wireshark.app\"\nfi\n\nif [ ! -d \"$WIRESHARK_APP_DIR\" ] ; then\n\techo \"Wireshark do", 0x1E2)                 = 482 0
  118.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  119.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  120.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  121.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  122.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  123.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  124.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  125.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  126.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  127.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  128.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  129.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  130.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF410)             = 0x0 0
  131.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF400, 0x0)             = 0 0
  132.  2032/0x6a77:  sigprocmask(0x3, 0x7FFF5FBFF410, 0x0)             = 0x0 0
  133.  2032/0x6a77:  sigreturn(0x0, 0x80000000, 0x0)           = 0 0
  134.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  135.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  136.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  137.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  138.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF410)             = 0x0 0
  139.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF400, 0x0)             = 0 0
  140.  2032/0x6a77:  stat64("/Applications/Wireshark.app\0", 0x7FFF5FBFF320, 0x10002F338)              = 0 0
  141.  2032/0x6a77:  sigprocmask(0x3, 0x7FFF5FBFF410, 0x0)             = 0x0 0
  142.  2032/0x6a77:  sigreturn(0x0, 0x80000000, 0x0)           = 0 0
  143.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  144.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  145.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  146.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  147.  2032/0x6a77:  pipe(0x7FFF5FBFEC60, 0x7FFF710F4650, 0x7FFF710F4650)              = 3 0
  148.  2032/0x6a77:  sigprocmask(0x1, 0x7FFF5FBFEBFC, 0x7FFF5FBFEBF8)          = 0x0 0
  149.  2032/0x6a77:  sigprocmask(0x3, 0x7FFF5FBFEBF8, 0x0)             = 0x0 0
  150.  2032/0x6a77:  sigprocmask(0x1, 0x7FFF5FBFEBEC, 0x7FFF5FBFEBE8)          = 0x0 0
  151.  2032/0x6a77:  lseek(0xFF, 0xFFFFFFFFFFFFFFC0, 0x1)              = 418 0
  152.  2032/0x6a77:  fork()            = 2033 0
  153.  2032/0x6a77:  sigprocmask(0x3, 0x7FFF5FBFEBE8, 0x0)             = 0x0 0
  154.  2032/0x6a77:  sigaction(0x14, 0x7FFF5FBFEBC0, 0x7FFF5FBFEBF0)           = 0 0
  155.  2032/0x6a77:  close(0x4)                = 0 0
  156.  2033/0x6a7a:  close(0xFF)               = 0 0
  157.  2033/0x6a7a:  sigprocmask(0x3, 0x1000A69F8, 0x0)                = 0x0 0
  158.  2033/0x6a7a:  sigaction(0x12, 0x7FFF5FBFEB70, 0x7FFF5FBFEBA0)           = 0 0
  159.  2033/0x6a7a:  sigaction(0x15, 0x7FFF5FBFEB70, 0x7FFF5FBFEBA0)           = 0 0
  160.  2033/0x6a7a:  sigaction(0x16, 0x7FFF5FBFEB80, 0x7FFF5FBFEBB0)           = 0 0
  161.  2033/0x6a7a:  sigaction(0x2, 0x7FFF5FBFEB70, 0x7FFF5FBFEBA0)            = 0 0
  162.  2033/0x6a7a:  sigaction(0x3, 0x7FFF5FBFEB70, 0x7FFF5FBFEBA0)            = 0 0
  163.  2033/0x6a7a:  sigaction(0x14, 0x7FFF5FBFEB70, 0x7FFF5FBFEBA0)           = 0 0
  164.  2033/0x6a7a:  sigaction(0x14, 0x7FFF5FBFEBC0, 0x7FFF5FBFEBF0)           = 0 0
  165.  2033/0x6a7a:  sigaction(0x2, 0x7FFF5FBFEBC0, 0x7FFF5FBFEBF0)            = 0 0
  166.  2033/0x6a7a:  dup2(0x4, 0x1, 0x0)               = 1 0
  167.  2033/0x6a7a:  close(0x4)                = 0 0
  168.  2033/0x6a7a:  close(0x3)                = 0 0
  169.  2033/0x6a7a:  sigprocmask(0x1, 0x0, 0x7FFF5FBFEC00)             = 0x0 0
  170.  2033/0x6a7a:  sigaltstack(0x0, 0x7FFF5FBFEBF0, 0x0)             = 0 0
  171.  2033/0x6a7a:  sigprocmask(0x1, 0x0, 0x7FFF5FBFEBA0)             = 0x0 0
  172.  2033/0x6a7a:  sigaltstack(0x0, 0x7FFF5FBFEB90, 0x0)             = 0 0
  173.  2033/0x6a7a:  stat64(".\0", 0x7FFF5FBFE940, 0x100103880)                = 0 0
  174.  2033/0x6a7a:  stat64("/Users/asimmons/.rvm/gems/ruby-1.9.2-p320/bin/basename\0", 0x7FFF5FBFE840, 0x100103557)           = -1 Err#2
  175.  2033/0x6a7a:  stat64("/Users/asimmons/.rvm/gems/ruby-1.9.2-p320@global/bin/basename\0", 0x7FFF5FBFE840, 0x10010359E)            = -1 Err#2
  176.  2033/0x6a7a:  stat64("/Users/asimmons/.rvm/rubies/ruby-1.9.2-p320/bin/basename\0", 0x7FFF5FBFE840, 0x100103559)                 = -1 Err#2
  177.  2033/0x6a7a:  stat64("/Users/asimmons/.rvm/bin/basename\0", 0x7FFF5FBFE840, 0x100103512)                = -1 Err#2
  178.  2033/0x6a7a:  stat64("/opt/local/bin/basename\0", 0x7FFF5FBFE840, 0x1001038A8)          = -1 Err#2
  179.  2033/0x6a7a:  stat64("/opt/local/sbin/basename\0", 0x7FFF5FBFE840, 0x1001038A9)                 = -1 Err#2
  180.  2033/0x6a7a:  stat64("/sw/bin/basename\0", 0x7FFF5FBFE840, 0x1001038A1)                 = -1 Err#2
  181.  2033/0x6a7a:  stat64("/sw/sbin/basename\0", 0x7FFF5FBFE840, 0x1001038A2)                = -1 Err#2
  182.  2033/0x6a7a:  stat64("/usr/bin/basename\0", 0x7FFF5FBFE840, 0x1001038A2)                = 0 0
  183.  2033/0x6a7a:  stat64("/usr/bin/basename\0", 0x7FFF5FBFE880, 0x7FFF710F4650)             = 0 0
  184.  2033/0x6a7a:  sigaction(0x2, 0x7FFF5FBFE9A0, 0x7FFF5FBFE9D0)            = 0 0
  185.  2033/0x6a7a:  sigaction(0x3, 0x7FFF5FBFE9A0, 0x7FFF5FBFE9D0)            = 0 0
  186.  2033/0x6a7a:  sigaction(0x14, 0x7FFF5FBFE9A0, 0x7FFF5FBFE9D0)           = 0 0
  187.  2033/0x6a7a:  execve(0x100103890, 0x1001045F0, 0x1001041D0)             = 0 0
  188.  2033/0x6a7a:  getpid(0x7FFF5FBFF770, 0x7FFFFFE00050, 0x0)               = 2033 0
  189.  2033/0x6a7a:  open_nocancel("/dev/urandom\0", 0x0, 0x0)                 = 3 0
  190.  2033/0x6a7a:  read_nocancel(0x3, "4yd\360\337\263\177^\334V\033\347\257\216o\004\200\005\006&`qL\366\350\334\261\254\003\264\"\"x\243n:\267%|\331\033\321\004\364?\032\245T\030\0", 0x6C)               = 108 0
  191.  2033/0x6a7a:  close_nocancel(0x3)               = 0 0
  192.  2033/0x6a7a:  issetugid(0x100000000, 0x7FFF5FBFFA38, 0x7FFF5FC40530)            = 0 0
  193.  2033/0x6a7a:  geteuid(0x100000000, 0x7FFF5FBFFA38, 0x0)                 = 0 0
  194.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD660, 0x2, 0x7FFF5FBFD620)             = 0 0
  195.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD620, 0x2, 0x7FFF5FBFD6BC)             = 0 0
  196.  2033/0x6a7a:  shared_region_check_np(0x7FFF5FBFD828, 0x0, 0x7FFF5FC1DC86)               = 0 0
  197.  2033/0x6a7a:  stat64("/usr/lib/libSystem.B.dylib\0", 0x7FFF5FBFC9E0, 0x7FFF5FBFD020)            = 0 0
  198.  2033/0x6a7a:  stat64("/usr/lib/system/libmathCommon.A.dylib\0", 0x7FFF5FBFC890, 0x7FFF5FBFCED0)                 = 0 0
  199.  2033/0x6a7a:  madvise(0x7FFF8ACC3000, 0x2000, 0x5)              = 0 0
  200.  2033/0x6a7a:  open("/dev/dtracehelper\0", 0x2, 0x7FFF5FC45130)          = 3 0
  201.  2032/0x6a77:  read(0x3, "wireshark\n\0", 0x80)          = 10 0
  202.  2032/0x6a77:  read(0x3, "\0", 0x80)             = 0 0
  203.  2032/0x6a77:  wait4(0xFFFFFFFF, 0x7FFF5FBFE63C, 0x1)            = 2033 0
  204.  2032/0x6a77:  wait4(0xFFFFFFFF, 0x7FFF5FBFE63C, 0x1)            = -1 Err#10
  205.  2032/0x6a77:  sigreturn(0x7FFF5FBFEB30, 0x1E, 0xFFFFFFFFFFFFFFFF)               = 0 Err#-2
  206.  2032/0x6a77:  close(0x3)                = 0 0
  207.  2032/0x6a77:  sigprocmask(0x1, 0x7FFF5FBFEBDC, 0x7FFF5FBFEBD8)          = 0x0 0
  208.  2032/0x6a77:  sigaction(0x2, 0x7FFF5FBFEB60, 0x7FFF5FBFEB90)            = 0 0
  209.  2032/0x6a77:  sigprocmask(0x3, 0x7FFF5FBFEBD8, 0x0)             = 0x0 0
  210.  2032/0x6a77:  sigaction(0x2, 0x7FFF5FBFEB60, 0x7FFF5FBFEB90)            = 0 0
  211.  2032/0x6a77:  sigprocmask(0x1, 0x0, 0x7FFF5FBFF700)             = 0x0 0
  212.  2032/0x6a77:  sigaltstack(0x0, 0x7FFF5FBFF6F0, 0x0)             = 0 0
  213.  2032/0x6a77:  read(0xFF, "exec \"$WIRESHARK_APP_DIR/Contents/Resources/bin/$APPNAME\" \"$@\"\n\n\0", 0x1E2)             = 64 0
  214.  2032/0x6a77:  sigaction(0x2, 0x7FFF5FBFF440, 0x7FFF5FBFF470)            = 0 0
  215.  2032/0x6a77:  sigaction(0x3, 0x7FFF5FBFF440, 0x7FFF5FBFF470)            = 0 0
  216.  2032/0x6a77:  sigaction(0x14, 0x7FFF5FBFF440, 0x7FFF5FBFF470)           = 0 0
  217.  2032/0x6a77:  madvise(0x7FFF8ACC3000, 0x2000, 0x5)              = 0 0
  218.  2032/0x6a77:  open("/dev/dtracehelper\0", 0x2, 0x7FFF5FC45348)          = 3 0
  219.  2032/0x6a77:  ioctl(0x3, 0x80086804, 0x7FFF5FBFD570)            = 0 0
  220.  2032/0x6a77:  close(0x3)                = 0 0
  221.  2032/0x6a77:  stat64("/usr/lib/libstdc++.6.dylib\0", 0x7FFF5FBFC980, 0x7FFF5FBFCFC0)            = 0 0
  222.  2032/0x6a77:  open("/dev/dtracehelper\0", 0x2, 0x7FFF5FC45410)          = 3 0
  223.  2032/0x6a77:  ioctl(0x3, 0x80086804, 0x7FFF5FBFD570)            = 0 0
  224.  2032/0x6a77:  close(0x3)                = 0 0
  225.  2032/0x6a77:  __sysctl(0x7FFF5FBFD460, 0x2, 0x7FFF5FBFD450)             = 0 0
  226.  2032/0x6a77:  bsdthread_register(0x7FFF89802E7C, 0x7FFF897E3A98, 0x2000)                = 0 0
  227.  2032/0x6a77:  thread_selfid(0x7FFF89802E7C, 0x7FFF897E3A98, 0x0)                = 27255 0
  228.  2032/0x6a77:  open_nocancel("/dev/urandom\0", 0x0, 0x7FFF710FDC00)              = 3 0
  229.  2032/0x6a77:  read_nocancel(0x3, "\362\235\350\017 \356\211\217y&\315;\377C\016\006\305z\207+\377S\370v\204\3238\254wj\232D\205\2352\201\344yk\217\237'\032\264\237\300\273p\301\230\034\213\266\237\365\300)a\306\031+^\366\247\0", 0x40)              = 64 0
  230.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  231.  2032/0x6a77:  mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                 = 0xBB000 0
  232.  2032/0x6a77:  __sysctl(0x7FFF5FBFD2E0, 0x2, 0x7FFF5FBFD2A0)             = 0 0
  233.  2032/0x6a77:  __sysctl(0x7FFF5FBFD2A0, 0x2, 0x7FFF5FBFD338)             = 0 0
  234.  2032/0x6a77:  getpid(0x7FFF5FBFD230, 0x7FFFFFE00050, 0x0)               = 2032 0
  235.  2032/0x6a77:  open_nocancel("/dev/urandom\0", 0x0, 0x0)                 = 3 0
  236.  2032/0x6a77:  read_nocancel(0x3, "\3725\302L^\202\210\267\305U\244\331$\373\250\027p\251\305\337M\n\216\320\361\033\030\035\301\005\256[pR\376\036]&0\355*\345\375\273\200\006n\214\266\310`\a\317\204\246+.\311\2063\177j\367\b\221\215\346o\202\2435k0%R\301\275\241\375\002R\352\204\033\201\a\031\030\370\2759\3532\220=Y\336\301\230\227/\023\262\351D1\tj\0", 0x6C)               = 108 0
  237.  2032/0x6a77:  close_nocancel(0x3)               = 0 0
  238.  2032/0x6a77:  __sysctl(0x7FFF5FBFD2E0, 0x2, 0x7FFF5FBFD30C)             = 0 0
  239.  2032/0x6a77:  mmap(0x0, 0x17000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                = 0xBE000 0
  240.  2032/0x6a77:  mmap(0x0, 0x17000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                = 0xD5000 0
  241.  2032/0x6a77:  mmap(0x0, 0x1000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                 = 0xEC000 0
  242.  2032/0x6a77:  mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0x7FFF00000001)               = 0xED000 0
  243.  2032/0x6a77:  munmap(0x1000ED000, 0x13000)              = 0 0
  244.  2032/0x6a77:  munmap(0x100200000, 0xED000)              = 0 0
  245.  2032/0x6a77:  __sysctl(0x7FFF5FBFD440, 0x2, 0x7FFF5FBFD400)             = 0 0
  246.  2032/0x6a77:  __sysctl(0x7FFF5FBFD400, 0x2, 0x7FFF7110A7A0)             = 0 0
  247.  2032/0x6a77:  __sysctl(0x7FFF5FBFD440, 0x2, 0x7FFF5FBFD400)             = 0 0
  248.  2032/0x6a77:  __sysctl(0x7FFF5FBFD400, 0x2, 0x7FFF7110A7A4)             = 0 0
  249.  2032/0x6a77:  __sysctl(0x7FFF5FBFD440, 0x2, 0x7FFF5FBFD400)             = 0 0
  250.  2032/0x6a77:  __sysctl(0x7FFF5FBFD400, 0x2, 0x7FFF7110A7A8)             = 0 0
  251.  2032/0x6a77:  mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                 = 0xED000 0
  252.  2032/0x6a77:  __sysctl(0x7FFF5FBFD410, 0x2, 0x7FFF5FBFD3D0)             = 0 0
  253.  2032/0x6a77:  __sysctl(0x7FFF5FBFD3D0, 0x2, 0x7FFF5FBFD468)             = 0 0
  254.  2032/0x6a77:  __sysctl(0x7FFF5FBFD410, 0x2, 0x7FFF5FBFD43C)             = 0 0
  255.  2032/0x6a77:  mmap(0x0, 0x17000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                = 0x200000 0
  256.  2032/0x6a77:  mmap(0x0, 0x17000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                = 0x217000 0
  257.  2032/0x6a77:  mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0x7FFF00000001)               = 0x22E000 0
  258.  2032/0x6a77:  munmap(0x10022E000, 0xD2000)              = 0 0
  259.  2032/0x6a77:  munmap(0x100400000, 0x2E000)              = 0 0
  260.  2033/0x6a7a:  fork()            = 0 0
  261.  2033/0x6a7a:  thread_selfid(0x7FFF71100CC0, 0x3, 0x1)           = 27258 0
  262.  2033/0x6a7a:  getpid(0x7FFF71100CC0, 0x3, 0x0)          = 2033 0
  263.  2033/0x6a7a:  ioctl(0x3, 0x80086804, 0x7FFF5FBFD5C0)            = 0 0
  264.  2033/0x6a7a:  close(0x3)                = 0 0
  265.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD500, 0x2, 0x7FFF5FBFD4F0)             = 0 0
  266.  2033/0x6a7a:  bsdthread_register(0x7FFF89802E7C, 0x7FFF897E3A98, 0x2000)                = 0 0
  267.  2033/0x6a7a:  thread_selfid(0x7FFF89802E7C, 0x7FFF897E3A98, 0x0)                = 27258 0
  268.  2033/0x6a7a:  open_nocancel("/dev/urandom\0", 0x0, 0x7FFF710FDC00)              = 3 0
  269.  2033/0x6a7a:  read_nocancel(0x3, "\341Y!\240y5Yc\330&\237\035\372G\027u\355\026_)\016E\352\340\006R\216W\"\312gi\241$\307I\263\221\025J`J\3152\335={a\"\273\267\243\026\034\223\021\227\264]L\b'\v\372\0", 0x40)                = 64 0
  270.  2033/0x6a7a:  close_nocancel(0x3)               = 0 0
  271.  2033/0x6a7a:  mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                 = 0x4000 0
  272.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD380, 0x2, 0x7FFF5FBFD340)             = 0 0
  273.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD340, 0x2, 0x7FFF5FBFD3D8)             = 0 0
  274.  2033/0x6a7a:  getpid(0x7FFF5FBFD2D0, 0x7FFFFFE00050, 0x0)               = 2033 0
  275.  2033/0x6a7a:  open_nocancel("/dev/urandom\0", 0x0, 0x0)                 = 3 0
  276.  2033/0x6a7a:  read_nocancel(0x3, "\302\321\257\3616\361\346\202<\034\243\225\344\333\fp\021A\212\311Jv\255V'W\303\342\215\307H\374o\327\361\0169\005\254\220_4\337\345\367\262D\343\231U`p\324\354<\304\t\220\366\217AO\345y\352\240F\303P,\270\016s\260\234n\r|\316o\262\257\035?'\026J\344\251\215\354M\273\037\350\3303f\t4\324l\310\374Q\254c,\0", 0x6C)            = 108 0
  277.  2033/0x6a7a:  close_nocancel(0x3)               = 0 0
  278.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD380, 0x2, 0x7FFF5FBFD3AC)             = 0 0
  279.  2033/0x6a7a:  mmap(0x0, 0x17000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                = 0x7000 0
  280.  2033/0x6a7a:  mmap(0x0, 0x17000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                = 0x1E000 0
  281.  2033/0x6a7a:  mmap(0x0, 0x1000, 0x3, 0x1002, 0x1000000, 0x7FFF00000001)                 = 0x35000 0
  282.  2033/0x6a7a:  mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0x7FFF00000001)               = 0x36000 0
  283.  2033/0x6a7a:  munmap(0x100036000, 0xCA000)              = 0 0
  284.  2033/0x6a7a:  munmap(0x100200000, 0x36000)              = 0 0
  285.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD4E0, 0x2, 0x7FFF5FBFD4A0)             = 0 0
  286.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD4A0, 0x2, 0x7FFF7110A7A0)             = 0 0
  287.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD4E0, 0x2, 0x7FFF5FBFD4A0)             = 0 0
  288.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD4A0, 0x2, 0x7FFF7110A7A4)             = 0 0
  289.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD4E0, 0x2, 0x7FFF5FBFD4A0)             = 0 0
  290.  2033/0x6a7a:  __sysctl(0x7FFF5FBFD4A0, 0x2, 0x7FFF7110A7A8)             = 0 0
  291.  2033/0x6a7a:  mmap(0x0, 0x1000000, 0x3, 0x1002, 0x2000000, 0x7FFF00000001)              = 0x200000 0
  292.  2033/0x6a7a:  munmap(0x100200000, 0x600000)             = 0 0
  293.  2033/0x6a7a:  munmap(0x101000000, 0x200000)             = 0 0
  294.  2033/0x6a7a:  getrlimit(0x1008, 0x7FFF5FBFF7A0, 0x7FFF897CD2EC)                 = 0 0
  295.  2033/0x6a7a:  fstat64(0x1, 0x7FFF5FBFF730, 0x7FFF5FBFF7FC)              = 0 0
  296.  2033/0x6a7a:  write_nocancel(0x1, "wireshark\n\0", 0xA)                 = 10 0
  297.  
  298. $