My machine is continuously making UDP DNS traffic requests. What I need to know is the PID of the process generating this traffic.
The normal way with a TCP connection is to use netstat/lsof and get the process associated with the PID.
In UDP the connection is stateless, so when I call netstat/lsof I can see it only if the UDP socket is open and it's sending traffic.
I have tried with lsof -i UDP and with netstat -anpue, but I am not able to find which process is making that request, because I need to call lsof/netstat exactly when the UDP traffic is sent; if I call lsof/netstat before/after the UDP datagram is sent, it is impossible to view the opened UDP socket.
Calling netstat/lsof exactly when 3/4 UDP packets are sent is IMPOSSIBLE.
How can I identify the infamous process? I have already inspected the traffic to try to identify the sending PID from the content of the packet, but it is not possible to identify it from the content of the traffic.
Can anyone help me?
I'm root on this machine: FEDORA 12, Linux noise.company.lan 2.6.32.16-141.fc12.x86_64 #1 SMP Wed Jul 7 04:49:59 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
EDIT:
I have asked the same question on the superuser platform.
A more related place for this kind of question, OF COURSE!!
Click here, you can find the right answer in the right place.
Are these UDP DNS requests going to the name servers your Fedora box is configured to use? Just opening Firefox and going to http://www.google.com will generate a stream of UDP packets as name resolution happens. Run tcpdump port 53 in a terminal window, open Firefox and go to some website, you'll see what I mean.
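
An added example, not part of the original question or answer: once tcpdump confirms queries to port 53, a tight poll of /proc/net/udp (the table netstat reads) can catch the short-lived socket and map its inode to a PID through /proc/<pid>/fd. It assumes a little-endian host, IPv4 only, and a sender that connect()s its UDP socket so the remote port is visible; SAMPLE, decode_addr, dns_sockets, pids_for_inode and watch are names made up here.

```python
import os, socket, struct, time

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  202: 0A01A8C0:C350 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000   500        0 22222 2 0000000000000000 0
"""

def decode_addr(field):
    """Decode 'HEXIP:HEXPORT' as printed on a little-endian host (assumption)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def dns_sockets(table, port=53):
    """Return UDP sockets whose remote port is `port` (connected sockets only)."""
    hits = []
    for line in table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 10 and decode_addr(f[2])[1] == port:
            hits.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "uid": int(f[7]), "inode": int(f[9])})
    return hits

def pids_for_inode(inode, proc="/proc"):
    """Find PIDs holding an fd that points at socket:[inode] (needs root)."""
    target, pids = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.append(int(pid))
                    break
        except OSError:  # process exited or fd closed while we were looking
            continue
    return pids

def watch(interval=0.005, path="/proc/net/udp"):
    """Poll until interrupted, printing each new DNS socket and its owners."""
    seen = set()
    while True:
        with open(path) as fh:
            for s in dns_sockets(fh.read()):
                if s["inode"] not in seen:
                    seen.add(s["inode"])
                    print(s, pids_for_inode(s["inode"]))
        time.sleep(interval)
```

Call watch() as root and leave it running until the traffic recurs; a socket that opens and closes between two polls is still missed.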