find the PID doing DNS queries?
Ben Eisenbraun
bene-Gk2boCrsRs1AfugRpC6u6w at public.gmane.org
Tue Mar 3 13:53:41 EST 2009
On Tue, Mar 03, 2009 at 10:37:30AM -0800, Dan Kressin wrote:
> --- On Tue, 3/3/09, Ben Eisenbraun <bene-Gk2boCrsRs1AfugRpC6u6w at public.gmane.org> wrote:
> > > Is there any way to determine the PID of the process(es) that are doing
> > > the DNS queries?
> >
> > SystemTap?
> >
> > http://sourceware.org/systemtap/examples/keyword-index.html#NETWORK
>
> Looks neat, but seems to require a 2.6 kernel. Mine are 2.4 (RHEL3) :(

Yuck. :-/

iptables has a module that supports blocking/logging network traffic
from various owners:

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3

"This module attempts to match various characteristics of the packet creator,
for locally-generated packets. It is only valid in the OUTPUT chain, and even
then some packets (such as ICMP ping responses) may have no owner, and hence
never match.

--pid-owner processid
    Matches if the packet was created by a process with the given process id."

That option plus process accounting can probably lead you to it.

-ben
--
work is the curse of the drinking class. <oscar wilde>
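
One way to apply the owner match described in the message above, as an added example that is not part of the original post: generate one LOG rule per candidate PID for outbound DNS, then tally the resulting kernel log lines by PID. The `dnspid=` log prefix, the function names and the sample log lines are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Added example, not from the original message. The log prefix "dnspid=" and
# all function names are assumptions made for this sketch.

# Print PIDs currently present in /proc (candidate owners).
running_pids() {
    ls /proc | grep '^[0-9][0-9]*$'
}

# Print one iptables command per PID and protocol. $1 is A (append) or
# D (delete); remaining arguments are PIDs. Nothing is executed here, so the
# rules can be reviewed before being piped to a root shell.
dns_pid_rules() {
    action=$1; shift
    for pid in "$@"; do
        case $pid in ''|*[!0-9]*) continue ;; esac   # ignore non-numeric input
        for proto in udp tcp; do
            echo "iptables -$action OUTPUT -p $proto --dport 53" \
                 "-m owner --pid-owner $pid -j LOG --log-prefix \"dnspid=$pid \""
        done
    done
}

# Read kernel log lines on stdin and print "PID COUNT" for each PID seen.
dns_pid_tally() {
    sed -n 's/.*dnspid=\([0-9][0-9]*\) .*/\1/p' | sort -n | uniq -c |
        awk '{ print $2, $1 }'
}

# Constructed sample of LOG-target output (not captured from a real host).
sample_log() {
    cat <<'EOF'
Mar  3 13:50:01 host kernel: dnspid=812 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=32770 DPT=53 LEN=45
Mar  3 13:50:01 host kernel: dnspid=1544 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=32771 DPT=53 LEN=52
Mar  3 13:50:02 host sshd[301]: Accepted publickey for admin
Mar  3 13:50:03 host kernel: dnspid=812 IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=32772 DPT=53 LEN=45
EOF
}

# Demo: show the rules for two PIDs, then tally the constructed sample.
dns_pid_rules A 812 1544
sample_log | dns_pid_tally
```

To cover every running process, pass `$(running_pids)` as the PID list; rerun `dns_pid_rules` with `D` and the same PIDs to produce the matching delete commands.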