[Novalug] Finding PID That Is Querying DNS
Kevin Dwyer
kevin at pheared.net
Wed Oct 3 12:13:17 EDT 2007
On Wed, Oct 03, 2007 at 08:54:13AM -0500, Bernie Hoefer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kevin Dwyer wrote:
> ===
> > Try running it as root. You need superuser privileges to see this
> > information on sockets you don't own.
> ===
> Sorry I wasn't clear; I *was* running netstat and lsof as root on
> the machine sending the DNS queries.
Ah, in that case the kernel is most likely responsible. netstat run as
root will not show a PID for connections made by the kernel. (This is
easy to notice when you mount an NFS drive, for instance.)
Now, I don't know which module exactly would do this or the best way to
track it down, but this should at least narrow your search.
-kpd
More information about the Novalug
mailing list