
Re: network using processes



Chris Hoefler wrote:

Does anybody know a quick way to determine which processes are using which network interfaces? Something like lsof, only for network interfaces? I have a Debian testing/unstable workstation that seems to be sending and responding to a bunch of dns traffic on the local network. It shouldn't be doing this, so I want to determine the process responsible.

-

Generally (there are probably some exceptions such as dhcpd, arpwatch) they don't. IP/{UDP,TCP} applications open a socket and, having got organised, send packets "into the air." The kernel determines which interface to send traffic through - that's what the routing tables control.

To see what traffic is going through an interface, use tcpdump or ethereal.

Depending on your network topography you can run it on the box under question, any other box between the endpoints and/or on a machine on the same wired subnet (for this you have to use a non-switching hub).

Someone the other day remarked how terrific strace is. tcpdump and ethereal are the network equivalents. Ethereal, prettier to look at, is more instructive, but needs a GUI environment.




--

Cheers
John

Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
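Added example, not part of the original thread: since processes own sockets rather than interfaces, the sketch below parses a Linux `/proc/net/udp`-style table and matches each socket inode to the PIDs holding it through `/proc/<pid>/fd`, then filters for port 53. The sample table, addresses, PID and function names are constructed for illustration; IPv4 and a little-endian host are assumed.

```python
import glob, os, re, socket, struct

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15432 2 0000000000000000 0
  102: 0A01A8C0:8F3B 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 20871 2 0000000000000000 0
  103: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11020 2 0000000000000000 0
"""

def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT' (IPv4, little-endian host assumed)."""
    addr, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def parse_sockets(text):
    """Return one dict per socket row of a /proc/net/{udp,tcp} table."""
    rows = []
    for line in text.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": _endpoint(f[1]), "remote": _endpoint(f[2]),
                     "uid": int(f[7]), "inode": int(f[9])})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> set of PIDs by reading <proc_root>/<pid>/fd links."""
    owners = {}
    for fd in glob.glob(os.path.join(proc_root, "[0-9]*", "fd", "*")):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
        except OSError:                          # process exited or no permission
            continue
        if m:
            pid = int(fd.split(os.sep)[-3])
            owners.setdefault(int(m.group(1)), set()).add(pid)
    return owners

def dns_sockets(rows, owners, port=53):
    """Sockets bound to, or connected to, the DNS port, with owning PIDs."""
    return [(r["local"], r["remote"], sorted(owners.get(r["inode"], ())))
            for r in rows if port in (r["local"][1], r["remote"][1])]

if __name__ == "__main__":
    for hit in dns_sockets(parse_sockets(SAMPLE_UDP), socket_owners()):
        print(hit)
```

On a live host, pass the contents of `/proc/net/udp` instead of the sample and run as root so other users' fd directories are readable. Unconnected UDP sockets that use sendto() show no remote port in this table, so a packet capture is still needed to see where their traffic goes.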


