This is a discussion on detecting which process sends out UDP traffic within the Linux Networking forums, part of the Linux Forums category.

hi,

i noticed that my system sends out a DNS request every couple of seconds. how can i find out which process is doing this? i ran "lsof -i@dns.server.ip" which is supposed to show the process which has an open socket to the dns server's ip, but it didn't show anything. also netstat didn't show any sockets. any way to do this?

thanks in advance,
-Aaron

On Sat, 04 Sep 2004 20:22:07 -0700, uzon wrote:

> hi,
> i noticed that my system sends out a DNS request every couple of seconds.
> how can i find out which process is doing this? i ran "lsof
> -i@dns.server.ip" which is supposed to show the process which has an open
> socket to the dns server's ip, but it didn't show anything.
> also netstat didn't show any sockets.. any way to do this?
> thanks in advance,

The only way I know how to do this is to arrange somehow for the query not to be answered. If it's querying your own nameservers you can shut them down, or you can put in temporary firewall rules to prevent the query going out or the response coming back. Then the socket will stay open long enough to catch it with lsof.

Regards,
Ian

In comp.os.linux.networking uzon <asb23@hotmail.com> suggested:

> hi,
> i noticed that my system sends out a DNS request every couple of
> seconds. how can i find out which process is doing this?
> i ran "lsof -i@dns.server.ip" which is supposed to show the process
> which has an open socket to the dns server's ip, but it didn't show
> anything.

lsof -i UDP:53

Should show anything using port 53/UDP; perhaps you can work it out from there. Run it in a loop for a few minutes, just keep an eye on your logfile size. ;)

'tcpdump' should be helpful in addition.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
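
The "run it in a loop" suggestion above, written out as an added example (not part of any post in this thread). The function names, sample count and interval are assumptions, and the fractional `sleep` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: poll lsof for short-lived UDP sockets talking to port 53
# and tally which process owns them. Function names are hypothetical.

# summarize_lsof: read concatenated `lsof -n -P -i UDP:53` output on stdin.
# Keeps only connected sockets whose remote port is 53 (NAME contains
# "->...:53"), so a local DNS server listening on :53 is not counted.
# Prints "hits command pid user", most frequently seen owner first.
summarize_lsof() {
    awk '$1 != "COMMAND" && $NF ~ /->.*:53$/ { seen[$1 " " $2 " " $3]++ }
         END { for (k in seen) print seen[k], k }' | sort -rn
}

# poll_dns_senders [samples] [interval]: sample lsof repeatedly, because the
# resolver socket usually exists only for a few milliseconds per query.
#   -n  keep lsof itself from doing reverse DNS lookups (which would add
#       its own queries to the traffic being investigated)
#   -P  print port numbers instead of service names
poll_dns_senders() {
    samples=${1:-600}
    interval=${2:-0.2}
    i=0
    while [ "$i" -lt "$samples" ]; do
        lsof -n -P -i UDP:53 2>/dev/null || true   # exits 1 when nothing matches
        sleep "$interval"
        i=$((i + 1))
    done | summarize_lsof
}

# Run as root so sockets of other users are visible:  sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    poll_dns_senders "${2:-}" "${3:-}"
fi
```

A process that never shows up here may be using an unconnected socket or exiting between samples; blocking the reply as described earlier in the thread keeps the socket open longer.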