
Re: Networking: Ports to Programs



On Wednesday 01 August 2007 14:09, Bill wrote:
> I'm generating spurious DNS requests from a
> variety of (closed) ephemeral ports. By the time I identify
> the port with tcpdump or snort or ethereal the request has
> been made, answered and the port closed. So I'd like to
> trace the connection back to its source program/process.
> The necessary info isn't present in a pcap dump. So what
> else is there? Any alternative approaches? Any suggestions
> welcome.

Assuming it's not just Bind querying from random ports,
try blocking incoming DNS replies to non-Bind ports so
that the processes hang around waiting for the replies.

--Mike Bird
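
Once the replies are blocked and the requesting process is left waiting on its socket, the source port seen in tcpdump can be traced to a PID through /proc. The following is an added example, not part of the original message; it assumes Linux, the function names are hypothetical, the sample table is constructed, and reading other users' fd directories requires root.

```python
import os

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  12: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 5120
  47: 00000000:8F2B 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 20731
"""

def udp_sockets(table_text):
    """Parse /proc/net/udp text into {local_port: (uid, inode)}."""
    sockets = {}
    for line in table_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)    # port is the hex after the colon
        sockets[port] = (int(f[7]), int(f[9]))    # owning uid, socket inode
    return sockets

def pids_holding_inode(inode, proc_root="/proc"):
    """Return sorted PIDs that have an fd linking to socket:[inode]."""
    target = f"socket:[{inode}]"
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:                           # process exited or not readable
            continue
        if target in links:
            pids.append(int(entry))
    return sorted(pids)

def owner_of_port(port, table_text, proc_root="/proc"):
    """Map a UDP source port seen in tcpdump to (uid, inode, pids), or None."""
    hit = udp_sockets(table_text).get(port)
    if hit is None:
        return None                               # socket already closed
    uid, inode = hit
    return uid, inode, pids_holding_inode(inode, proc_root)

if __name__ == "__main__":
    with open("/proc/net/udp") as fh:             # live table; 0x8F2B is a placeholder port
        print(owner_of_port(0x8F2B, fh.read()))
```

The uid column alone often narrows the search, since it is available even when the fd directories of other users cannot be read.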


