Is it possible to strace pinging a host?

Posted on

Problem :

I am doing this

$ strace -f ping -s 1 www.google.com
execve("/bin/ping", ["ping", "-s", "1", "www.google.com"],
   [/* 80 vars */]) = 0
getuid()                                = 1001
setuid(1001)                            = 0
getuid()                                = 1001
geteuid()                               = 1001
capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
capget({_LINUX_CAPABILITY_VERSION_3, 0}, {0, 0, 0}) = 0  
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(1025), 
     sin_addr=inet_addr("74.125.28.105")}, 16) = 0
write(3, "ping: icmp open socket: Operatio"..., 48
     ping: icmp open socket: Operation not permitted) = 48
close(3)                                = 0
exit_group(2)                           = ?
+++ exited with 2 +++

I have excluded a lot of extraneous lines but the crux of the matter is that it is returning exit code 2.

I am receiving exit code 0 if I execute the ping without stracing.

Am I missing some options when running strace ?

Solution :

This is a valid question and it is not a duplicate of the strace sudo command. At one time in the past the /bin/ping was a setuid executable, so at some point in the past, perhaps it was a duplicate but it isn’t a dupe today.

sudo is a setuid executable. ping uses cap_net_raw. So, I believe the answer is that strace also needs to be granted cap_net_raw:

setcap cap_net_raw+p /usr/bin/strace

This worked for me.

Or… perhaps the setuid/cap_net_raw situation is a function of distro. I am using RHEL 7.

Leave a Reply

Your email address will not be published. Required fields are marked *