packet -> PID mapping? (was look up process)

To: debian-user@lists.debian.org
Subject: packet -> PID mapping? (was look up process)
From: zelinsky@us.net (David S. Zelinsky)
Date: 13 Oct 1998 22:49:39 -0400
Message-id: <[🔎] 87hfx7amd8.fsf@us.net>
In-reply-to: 's message of Mon, 12 Oct 1998 10:10:33 -0400 (EDT)
References: <[🔎] m0zSigD-0007zgC@westgac3.dragon.com>

I deplore "me, too" followups, but this was a question I've been meaning to
ask for a long time; and since I didn't see any response for a couple of days,
I thought I'd repeat it:

<tko@westgac3.dragon.com> writes:

> I was having trouble with diald bringing up the line. A dump of the
> /var/log/ppp.log showed something connecting to local (127.0.0.1) and
> sending a DNS request (port 53 on destination IP). Is there a way to query a
> connection to find out which process is doing the connection? I'd sure like to
> know what was connecting thru local and requesting DNS.

In other words, is there a way to find out which *process* is the source or
destination of a packet?  The diald packet queue (and the packets themselves)
contain only the port number.  The port numbers must, I suppose, be mapped to
PIDs, somewhere in the kernel.  How can I get my hands on that information?

The file /proc/net/tcp seems to list the open ports, along with a UID and an
inode number.  So if there's a tool to see which process has a given inode
open, I guess that would do it.

--
David Zelinsky
zelinsky@us.net

Reply to:

Follow-Ups:
- Re: packet -> PID mapping? (was look up process)
  - From: "..." <mike@bcinternet.com>

References:
- look up process
  - From: <tko@westgac3.dragon.com>

Prev by Date: -lX11
Next by Date: Re: ls-120 drives
Previous by thread: look up process
Next by thread: Re: packet -> PID mapping? (was look up process)
Index(es):
- Date
- Thread