
TruckStuff 11-23-2005 11:37 AM

Which process is making DNS queries?
 
Since last night, snort has been picking up a lot of UDP Port unreachable packets directed at our mail server. After watching the server for a little while, I've found that the server is attempting to make a DNS query to a specific IP address. No DNS server operates on that address, so the UDP packet is returned.

My problem is that I can't figure out why it's making these queries or why it's querying this IP address. My guess is that someone's DNS is not configured properly somewhere, but I can't tell. Whois and reverse lookups on the IP in question don't reveal anything of consequence. There are no messages in the mail queue directed at the domain to which the IP belongs.

How can I determine which process is making these requests?

PenguinPwrdBox 11-23-2005 06:31 PM

On a remote machine?
You may try to sniff it.
If you know what machine it is - tcpdump

TruckStuff 11-28-2005 03:30 PM

Quote:

Originally posted by PenguinPwrdBox
On a remote machine?
You may try to sniff it.
If you know what machine it is - tcpdump

Tried that. That's how I even found out it was a DNS query generating the ICMP packets. AFAICT, tcpdump doesn't tell me anything about the process initiating the request.

PenguinPwrdBox 11-29-2005 12:16 AM

That's correct. It won't tell you the process....however, you can use it to troubleshoot which one is....

TruckStuff 11-29-2005 05:05 PM

Quote:

Originally posted by PenguinPwrdBox
That's correct. It won't tell you the process....however, you can use it to troubleshoot which one is....

So should I repost my OP or wait a while? :)
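
Added example (not part of the original thread): one way to tie outbound DNS traffic to a process on the sending host is to poll `/proc/net/udp` for sockets whose remote port is 53 and match each socket inode against `/proc/<pid>/fd`. It assumes a little-endian Linux host, IPv4, root privileges, and a client that `connect()`s its UDP socket; sockets that use plain `sendto()` show no remote address, and very short-lived sockets can be missed between polls. The sample table and the address 192.0.2.53 are constructed.

```python
import os, socket, struct, sys, time

# Constructed sample in /proc/net/udp format (not data from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  202: 0A00000A:B3C1 350200C0:0035 01 00000000:00000000 00:00000000 00000000    89        0 22222 2 0000000000000000 0
"""

def decode(hexpair):
    """Turn 'ADDR:PORT' hex from /proc/net/udp into (dotted_ip, port); little-endian host assumed."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def dns_sockets(table_text, server_ip=None):
    """Return [(local, remote, uid, inode)] for UDP sockets connected to port 53."""
    hits = []
    for line in table_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        local, remote = decode(f[1]), decode(f[2])
        if remote[1] == 53 and server_ip in (None, remote[0]):
            hits.append((local, remote, int(f[7]), f[9]))
    return hits

def owners(inode):
    """Return [(pid, command)] for processes holding the socket inode open."""
    found = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                if os.readlink(f"/proc/{pid}/fd/{fd}") == f"socket:[{inode}]":
                    with open(f"/proc/{pid}/comm") as c:
                        found.append((int(pid), c.read().strip()))
                    break
        except OSError:                                # process exited or access denied
            continue
    return found

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None   # optional: the IP being queried
    seen = set()
    while True:                                            # poll until interrupted (Ctrl-C)
        with open("/proc/net/udp") as table:
            for local, remote, uid, inode in dns_sockets(table.read(), target):
                for hit in set(owners(inode)) - seen:
                    seen.add(hit)
                    print(f"pid={hit[0]} cmd={hit[1]} uid={uid} {local} -> {remote}")
        time.sleep(0.01)
```

The `uid` column is useful even when the PID lookup loses the race, since it narrows the sender to one account (a mail daemon's user, for example).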

