Re: network using processes
Chris Hoefler wrote:
Does anybody know a quick way to determine which processes are using which
network interfaces? Something like lsof, only for network interfaces? I
have a Debian testing/unstable workstation that seems to be sending and
responding to a bunch of dns traffic on the local network. It shouldn't
be doing this, so I want to determine the process responsible.
-
Generally (there are probably some exceptions such as dhcpd, arpwatch)
they don't.. IP/{UDP,TCP} applications open a socket, and having got
organised send packets "into the air." The kernel determines which
interface to send traffic through - that's what the routing tables control.
To see what traffic is going through an interface, use tcpdump or ethereal.
Depending on your entwork topography you can run it on the box under
question, any other box between the endpoints and/or on a machine on the
same wired subnet (for this you have to use a non-switching hub)..
Someone the other day remarked how terrrific strace is. tcpdump and
ethereal are the network equivalents. Ethereal prettier to look at is
more instructive, but needs a GUI environment.
--
Cheers
John
-- spambait
1aaaaaaa@computerdatasafe.com.au Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
Reply to: