execve("/usr/local/sbin/tcpdump", ["tcpdump", "-nn", "-i", "eno1", "host", "10.X.X.X"], [/* 19 vars */]) = 0
brk(0)                                  = 0x1dc8000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8527104000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=31961, ...}) = 0
mmap(NULL, 31961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f85270fc000
close(3)                                = 0
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\202\6\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2016960, ...}) = 0
mmap(NULL, 4095864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8526afc000
mprotect(0x7f8526cba000, 2097152, PROT_NONE) = 0
mmap(0x7f8526eba000, 155648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1be000) = 0x7f8526eba000
mmap(0x7f8526ee0000, 16248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8526ee0000
close(3)                                = 0
open("/lib64/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\"\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=44096, ...}) = 0
mmap(NULL, 2128952, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f85268f4000
mprotect(0x7f85268fb000, 2093056, PROT_NONE) = 0
mmap(0x7f8526afa000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f8526afa000
close(3)                                = 0
open("/lib64/libntapi.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@<\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=653019, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85270fb000
mmap(NULL, 36314320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8524652000
mprotect(0x7f852466b000, 2093056, PROT_NONE) = 0
mmap(0x7f852486a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7f852486a000
mmap(0x7f852486b000, 34114768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f852486b000
close(3)                                = 0
open("/lib64/libntos.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\341\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=337748, ...}) = 0
mmap(NULL, 2230456, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8524431000
mprotect(0x7f852444a000, 2097152, PROT_NONE) = 0
mmap(0x7f852464a000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f852464a000
mmap(0x7f8524651000, 2232, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8524651000
close(3)                                = 0
open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=142304, ...}) = 0
mmap(NULL, 2208864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8524215000
mprotect(0x7f852422b000, 2097152, PROT_NONE) = 0
mmap(0x7f852442b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f852442b000
mmap(0x7f852442d000, 13408, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f852442d000
close(3)                                = 0
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260T\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1141560, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85270fa000
mmap(NULL, 3150168, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8523f13000
mprotect(0x7f8524014000, 2093056, PROT_NONE) = 0
mmap(0x7f8524213000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x100000) = 0x7f8524213000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2107816, ...}) = 0
mmap(NULL, 3932736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8523b52000
mprotect(0x7f8523d08000, 2097152, PROT_NONE) = 0
mmap(0x7f8523f08000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f8523f08000
mmap(0x7f8523f0e000, 16960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8523f0e000
close(3)                                = 0
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=19520, ...}) = 0
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f852394e000
mprotect(0x7f8523951000, 2093056, PROT_NONE) = 0
mmap(0x7f8523b50000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f8523b50000
close(3)                                = 0
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=90632, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85270f9000
mmap(NULL, 2183688, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8523738000
mprotect(0x7f852374d000, 2093056, PROT_NONE) = 0
mmap(0x7f852394c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x7f852394c000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85270f8000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85270f6000
arch_prctl(ARCH_SET_FS, 0x7f85270f6740) = 0
mprotect(0x7f8523f08000, 16384, PROT_READ) = 0
mprotect(0x7f852394c000, 4096, PROT_READ) = 0
mprotect(0x7f8523b50000, 4096, PROT_READ) = 0
mprotect(0x7f8524213000, 4096, PROT_READ) = 0
mprotect(0x7f852442b000, 4096, PROT_READ) = 0
mprotect(0x7f8526afa000, 4096, PROT_READ) = 0
mprotect(0x7f8526eba000, 106496, PROT_READ) = 0
mprotect(0x747000, 8192, PROT_READ)     = 0
mprotect(0x7f8527105000, 4096, PROT_READ) = 0
munmap(0x7f85270fc000, 31961)           = 0
set_tid_address(0x7f85270f6a10)         = 57139
set_robust_list(0x7f85270f6a20, 24)     = 0
rt_sigaction(SIGRTMIN, {0x7f852421b780, [], SA_RESTORER|SA_SIGINFO, 0x7f8524224100}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f852421b810, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f8524224100}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
access("/etc/system-fips", F_OK)        = -1 ENOENT (No such file or directory)
brk(0)                                  = 0x1dc8000
brk(0x1de9000)                          = 0x1de9000
brk(0)                                  = 0x1de9000
open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2427, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2427, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8527103000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2427
lseek(3, -1550, SEEK_CUR)               = 877
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 1550
close(3)                                = 0
munmap(0x7f8527103000, 4096)            = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2427, ...}) = 0
socket(PF_PACKET, SOCK_RAW, 768)        = 3
ioctl(3, SIOCGIWMODE, 0x7ffd197121f0)   = -1 EOPNOTSUPP (Operation not supported)
close(3)                                = 0
stat("/etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned", 0x7ffd19711e30) = -1 ENOENT (No such file or directory)
open("/proc/net/pf_ring/dev/eno1/info", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8527103000
read(3, "Name:              eno1\nIndex:  "..., 1024) = 229
close(3)                                = 0
munmap(0x7f8527103000, 4096)            = 0
socket(0x1b /* PF_??? */, SOCK_RAW, 768) = 3
setsockopt(3, SOL_IP, 0x6b /* IP_??? */, [65535], 4) = 0
setsockopt(3, SOL_IP, 0x7f /* IP_??? */, "\0", 1) = 0
bind(3, {sa_family=0x1b /* AF_??? */, sa_data="eno1\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
setsockopt(3, SOL_IP, 0x6c /* IP_??? */, "\377\377\377\377\377\377\377\377", 8) = 0
socket(PF_PACKET, SOCK_RAW, 768)        = 4
ioctl(4, SIOCSHWTSTAMP, 0x7ffd19711da0) = 0
close(4)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7f8527103000
munmap(0x7f8527103000, 4096)            = 0
mmap(NULL, 268677120, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7f85136fd000
setsockopt(3, SOL_IP, 0x8c /* IP_??? */, [1], 4) = 0
getsockopt(3, SOL_IP, 0xb3 /* IP_??? */, "0\0", [2]) = 0
getsockopt(3, SOL_IP, 0xb6 /* IP_??? */, [0], [4]) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="eno1", ifr_mtu=1500}) = 0
getsockopt(3, SOL_IP, 0xb8 /* IP_??? */, [2], [4]) = 0
setsockopt(3, SOL_IP, 0x75 /* IP_??? */, "\1\0", 2) = 0
mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85270b5000
setsockopt(3, SOL_IP, 0x6a /* IP_??? */, "\0", 1) = 0
getgid()                                = 0
setgid(0)                               = 0
getuid()                                = 0
setuid(0)                               = 0
rt_sigaction(SIGPIPE, {0x406590, [], SA_RESTORER, 0x7f8524224100}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x406590, [], SA_RESTORER, 0x7f8524224100}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x406590, [], SA_RESTORER, 0x7f8524224100}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGCHLD, {0x406580, [], SA_RESTORER|SA_RESTART, 0x7f8524224100}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x406590, [], SA_RESTORER, 0x7f8524224100}, {SIG_DFL, [], 0}, 8) = 0
getuid()                                = 0
getsockopt(3, SOL_IP, 0xb8 /* IP_??? */, [2], [4]) = 0
setsockopt(3, SOL_IP, 0x1a /* IP_??? */, "\1\0\0\0\0\0\0\0\364\335t\0\0\0\0\0", 16) = -1 EFAULT (Bad address)
setsockopt(3, SOL_IP, 0x1a /* IP_??? */, "\16\0\0\0\0\0\0\0`\251\335\1\0\0\0\0", 16) = 0
rt_sigaction(SIGUSR1, {0x407010, [], SA_RESTORER, 0x7f8524224100}, {SIG_DFL, [], 0}, 8) = 0
write(2, "tcpdump: verbose output suppress"..., 75tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
) = 75
write(2, "listening on eno1, link-type EN1"..., 74listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
) = 74
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 6), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8527103000
write(1, "20:22:07.184944254 IP 10.X.X.X"..., 18220:22:07.184944254 IP 10.X.X.X0.22 > 10.X.X.X.39576: Flags [P.], seq 2138417011:2138417279, ack 275521342, win 30, options [nop,nop,TS val 2852611455 ecr 174033479], length 268
) = 182
write(1, "20:22:07.185032604 IP 10.X.X.X"..., 16020:22:07.185032604 IP 10.X.X.X0.22 > 10.X.X.X.39576: Flags [P.], seq 268:508, ack 1, win 30, options [nop,nop,TS val 2852611455 ecr 174033479], length 240
) = 160
write(1, "20:22:07.185119256 IP 10.X.X.X"..., 16020:22:07.185119256 IP 10.X.X.X0.22 > 10.X.X.X.39576: Flags [P.], seq 508:644, ack 1, win 30, options [nop,nop,TS val 2852611455 ecr 174033479], length 136
) = 160
write(1, "20:22:07.185530861 IP 10.X.X.X"..., 9220:22:07.185530861 IP 10.X.X.X0.49525 > 10.X.X.X.514: SYSLOG kernel.info, length: 103
) = 92
write(1, "20:22:07.185543723 IP 10.X.X.X"..., 9220:22:07.185543723 IP 10.X.X.X0.41282 > 10.X.X.X.514: SYSLOG kernel.info, length: 103
) = 92
poll([{fd=3, events=POLLIN}], 1, 500)   = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 500)   = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 500^CProcess 57139 detached