On Tue, Mar 03, 2009 at 10:37:30AM -0800, Dan Kressin wrote:
> --- On Tue, 3/3/09, Ben Eisenbraun <bene-Gk2boCrsRs1AfugRpC6u6w at public.gmane.org> wrote:
> > > Is there any way to determine the PID of the process(es) that are doing
> > > the DNS queries?
> >
> > SystemTap?
> >
> > http://sourceware.org/systemtap/examples/keyword-index.html#NETWORK
>
> Looks neat, but seems to require a 2.6 kernel. Mine are 2.4 (RHEL3) :(

Yuck. :-/

iptables has a module that supports blocking/logging network traffic from
various owners:

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3

"This module attempts to match various characteristics of the packet
creator, for locally-generated packets. It is only valid in the OUTPUT
chain, and even then some packets (such as ICMP ping responses) may have
no owner, and hence never match.

--pid-owner processid
    Matches if the packet was created by a process with the given
    process id."

That option plus process accounting can probably lead you to it.

-ben

--
work is the curse of the drinking class.
<oscar wilde>
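
A sketch of the suggestion above, as an added example that is not part of the original message: it prints (but does not install) one LOG rule per candidate PID using the quoted `--pid-owner` match, then tallies the resulting kernel log lines per PID. The `dnspid=` prefix, the function names, the PIDs and the sample log lines are constructed for illustration; a process that starts after the rules are generated is not covered, which is where process accounting comes in.

```shell
#!/bin/sh
# Dry run only: gen_dns_owner_rules prints iptables commands for review and
# never touches netfilter itself.

# Print one LOG rule per candidate PID for outbound DNS (UDP and TCP, port 53).
# The "dnspid=<pid> " log prefix is a naming choice made for this example.
gen_dns_owner_rules() {
    for pid in "$@"; do
        case "$pid" in
            ''|*[!0-9]*) echo "skipping non-numeric pid: $pid" >&2; continue ;;
        esac
        for proto in udp tcp; do
            printf 'iptables -A OUTPUT -p %s --dport 53 -m owner --pid-owner %s -j LOG --log-prefix "dnspid=%s "\n' \
                "$proto" "$pid" "$pid"
        done
    done
}

# Read kernel log lines on stdin and print "<count> <pid>", busiest PID first.
tally_dns_pids() {
    sed -n 's/.*dnspid=\([0-9][0-9]*\) .*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample of LOG-target output as it would appear in syslog.
sample_log() {
cat <<'EOF'
Mar  3 14:02:11 host kernel: dnspid=2217 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
Mar  3 14:02:11 host kernel: dnspid=2217 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32771 DPT=53 LEN=40
Mar  3 14:02:12 host kernel: dnspid=2301 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32772 DPT=53 LEN=38
Mar  3 14:02:13 host kernel: dnspid=2217 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32773 DPT=53 LEN=40
Mar  3 14:02:14 host kernel: unrelated message without the prefix
EOF
}

# Demo: show the rules that would be added for two candidate PIDs, then the
# per-PID query counts from the constructed log sample.
gen_dns_owner_rules 2217 2301
sample_log | tally_dns_pids
```

Review the printed rules before running them as root, and delete them (`iptables -D` with the same arguments) once the noisy process has been identified.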
BLU is a member of BostonUserGroups.
We also thank MIT for the use of their facilities.