My machine is continuously generating UDP DNS requests. What I need to know is the PID of the process generating this traffic.
The normal way for a TCP connection is to use netstat/lsof and get the PID of the associated process.
With UDP the connection is stateless, so when I call netstat/lsof I can see it only if the UDP socket is open and sending traffic.
I have tried with lsof -i UDP and with netstat -anpue, but I can't find which process is making those requests, because I need to call lsof/netstat exactly when the UDP traffic is sent; if I call lsof/netstat before or after the UDP datagram is sent, it is impossible to see the open UDP socket.
Calling netstat/lsof exactly when 3/4 UDP packets are sent is IMPOSSIBLE.
How can I identify the infamous process? I have already inspected the traffic to try to identify the sending PID from the content of the packets, but it is not possible to identify it from the content of the traffic.
Can anyone help me?
I'm root on this machine, Fedora 12: Linux noise.company.lan 2.6.32.16-141.fc12.x86_64 #1 SMP Wed Jul 7 04:49:59 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
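The lookup that netstat -p and lsof perform, written out as an added example (not part of the original post): it parses /proc/net/udp, keeps sockets connected to remote port 53, and maps each socket inode to a PID through /proc/<pid>/fd, in a tight loop instead of a one-off call. It assumes a little-endian host, IPv4 only, and a resolver that connect()s its UDP socket; the SAMPLE table and the function names are constructed for illustration.

```python
import os, socket, struct

# Constructed sample in /proc/net/udp layout (not captured from the poster's machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  10: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  42: 0A00000A:C350 0100000A:0035 01 00000000:00000000 00:00000000 00000000  1000        0 22222 2 0000000000000000 0
"""

def _addr(hexpair):
    """Decode 'HEXIP:HEXPORT' as printed by a little-endian kernel (x86_64)."""
    ip_hex, port_hex = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_udp_table(text):
    """Return one dict per IPv4 UDP socket listed in /proc/net/udp text."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": _addr(f[1]), "remote": _addr(f[2]),
                     "uid": int(f[7]), "inode": int(f[9])})
    return rows

def dns_sockets(rows, port=53):
    """Sockets connect()ed to a remote port 53, i.e. outgoing resolver queries."""
    return [r for r in rows if r["remote"][1] == port]

def pids_for_inode(inode, proc="/proc"):
    """Find PIDs holding a descriptor that points at socket:[inode]."""
    target, pids = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:                         # process exited or fd closed mid-scan
            continue
    return pids

def watch(rounds=200000):
    """Poll the live table in a tight loop; return the first DNS socket owner seen."""
    for _ in range(rounds):
        with open("/proc/net/udp") as fh:
            for row in dns_sockets(parse_udp_table(fh.read())):
                pids = pids_for_inode(row["inode"])
                if pids:
                    return row, pids
    return None

if __name__ == "__main__":
    print(watch())
```

This is still polling, so a socket that is opened and closed between two reads of /proc/net/udp is missed; it only narrows the window compared with running netstat or lsof by hand. Run it as root so that other users' /proc/<pid>/fd directories are readable.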