Re: Networking: Ports to Programs
On Wednesday 01 August 2007 14:09, Bill wrote:
> I'm generating spurious DNS requests from a
> variety of (closed) ephemeral ports. By the time I identify
> the port with tcpdump or snort or ethereal the request has
> been made, answered and the port closed. So I'd like to
> trace the connection back to its source program/process.
> The necessary info isn't present in a pcap dump. So what
> else is there? Any alternative approaches? Any suggestions
> welcome.
Assuming it's not just Bind querying from random ports,
try blocking incoming DNS replies to non-Bind ports so
that the processes hang around waiting for the replies.
--Mike Bird
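
With the reply held back as suggested above, the socket stays open long enough to look up its owner. The following is an added example, not part of either post, that maps the ephemeral port seen in tcpdump to a process on Linux. It assumes /proc/net/udp and /proc/<pid>/fd are readable (run as root); the function names and the sample table are constructed for illustration.

```python
import os
import sys

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   12: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 15502 2 0000000000000000 0
   53: 00000000:9C40 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 48213 2 0000000000000000 0
"""

def udp_sockets(table_text):
    """Map local UDP port -> list of (uid, socket inode) from /proc/net/udp text."""
    ports = {}
    for line in table_text.splitlines()[1:]:      # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)    # address and port are hex
        ports.setdefault(port, []).append((int(f[7]), int(f[9])))
    return ports

def owners_of_inode(inode, proc_root="/proc"):
    """Return [(pid, command name)] for processes holding socket:[inode] open."""
    target = "socket:[%d]" % inode
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
            if target in links:
                with open(os.path.join(proc_root, pid, "comm")) as fh:
                    found.append((int(pid), fh.read().strip()))
        except OSError:        # process exited, or we lack permission to read it
            continue
    return sorted(found)

if __name__ == "__main__":
    port = int(sys.argv[1])    # ephemeral source port seen in the capture
    for table in ("/proc/net/udp", "/proc/net/udp6"):
        with open(table) as fh:
            for uid, inode in udp_sockets(fh.read()).get(port, []):
                print(table, "uid", uid, "inode", inode, owners_of_inode(inode))
```

The uid column alone often narrows the search even when the process has already exited and no owner is found.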