How can I identify which process is making UDP traffic on Linux?

Question

My machine is continuously making udp dns traffic request. What I need to know is the PID of the process generating this traffic.

The normal way in TCP connection is to use netstat/lsof and get the process associated at the pid.

Is UDP the connection is stateless, so, when I call netastat/lsof I can see it only if the UDP socket is opened and it's sending traffic.

I have tried with lsof -i UDP and with netstat -anpue but I can't be able to find which process is doing that request because I need to call lsof/netstat exactly when the udp traffic is sent, if I call lsof/netstat before/after the udp datagram is sent is impossible to view the opened UDP socket.

call netstat/lsof exactly when 3/4 udp packet is sent is IMPOSSIBLE.

how I can identify the infamous process?

I have already inspected the traffic to try to identify the sent PID from the content of the packet, but is not possible to identify it from the content of the traffic.

anyone can help me?

I'm root on this machine FEDORA 12 Linux noise.company.lan 2.6.32.16-141.fc12.x86_64 #1 SMP Wed Jul 7 04:49:59 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux

EDIT:
I have asked the same question on superuser platform. More related place to this kind of question OF COURSE!

Click here, You can find the right answer in the right place

Answer 1

Are these UDP DNS requests going to the name servers your Fedora box is configured to use? Just opening Firefox and going to http://www.google.com will generate a stream of UDP packets as name resolution happens. Run tcpdump port 53 in a terminal window, open Firefox and go to some website, you'll see what I mean.

Answer 2

 netstat -anp |grep -i udp

进程在最后一列

Answer 3

Linux Socket Monitor can track changes to network sockets. It should alert you when new socket is opened.