My machine is continuously making UDP DNS traffic requests. What I need to know is the PID of the process generating this traffic.
The normal way with a TCP connection is to use netstat/lsof and get the process associated with the PID.
In UDP the connection is stateless, so when I call netstat/lsof I can see it only if the UDP socket is open and it's sending traffic.
I have tried with lsof -i UDP
and with netstat -anpue
but I am not able to find which process is making that request, because I need to call lsof/netstat exactly when the UDP traffic is sent; if I call lsof/netstat before/after the UDP datagram is sent, it is impossible to view the opened UDP socket.
Calling netstat/lsof exactly when 3/4 UDP packets are sent is IMPOSSIBLE.
How can I identify the infamous process?
I have already inspected the traffic to try to identify the sending PID from the content of the packet, but it is not possible to identify it from the content of the traffic.
Can anyone help me?
I'm root on this machine FEDORA 12 Linux noise.company.lan 2.6.32.16-141.fc12.x86_64 #1 SMP Wed Jul 7 04:49:59 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
EDIT:
I have asked the same question on the Super User platform, a more relevant place for this kind of question, OF COURSE!
Click here; you can find the right answer in the right place.
Are these UDP DNS requests going to the name servers your Fedora box is configured to use? Just opening Firefox and going to http://www.google.com will generate a stream of UDP packets as name resolution happens. Run tcpdump port 53 in a terminal window, open Firefox and go to some website, and you'll see what I mean.
netstat -anp |grep -i udp
The process is in the last column.
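The following is an added example, not part of the original thread: it reads the same /proc data that netstat -anp reports, but in a tight polling loop, which narrows (without fully closing) the timing window described in the question. It assumes a little-endian Linux host such as x86_64, IPv4 only (/proc/net/udp, not udp6), and sockets that are connect()ed to port 53; the sample table is constructed.

```python
import ipaddress
import os
import time

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  77: 0A00000A:C350 0100000A:0035 01 00000000:00000000 00:00000000 00000000  1000        0 424242 2 0000000000000000 0
  90: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
"""

def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; the address is a host-endian u32 (little-endian assumed)."""
    addr, port = field.split(":")
    ip = ipaddress.ip_address(int.from_bytes(bytes.fromhex(addr), "little"))
    return str(ip), int(port, 16)

def parse_udp_table(text, remote_port=53):
    """Return (local, remote, uid, inode) for each socket whose remote port matches."""
    rows = []
    for f in map(str.split, text.splitlines()[1:]):  # skip the header line
        if len(f) >= 10 and _endpoint(f[2])[1] == remote_port:
            rows.append((_endpoint(f[1]), _endpoint(f[2]), int(f[7]), f[9]))
    return rows

def pids_for_inode(inode, proc_root="/proc"):
    """Return PIDs holding an fd that links to socket:[inode] (root sees all PIDs)."""
    target, owners = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    owners.append(int(pid))
                    break
        except OSError:  # process exited mid-scan, or permission denied
            continue
    return sorted(owners)

if __name__ == "__main__":
    seen = set()
    while True:  # poll every 10 ms; a socket open for less than that can still be missed
        with open("/proc/net/udp") as fh:
            for local, remote, uid, inode in parse_udp_table(fh.read()):
                if inode not in seen:
                    seen.add(inode)
                    print(local, "->", remote, "uid", uid, "pids", pids_for_inode(inode))
        time.sleep(0.01)
```

Even when the PID lookup loses the race, the uid column from /proc/net/udp still identifies the account that owns the socket.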
Linux Socket Monitor can track changes to network sockets. It should alert you when a new socket is opened.