What program sent which packet to the network [closed]
Posted by Erik Johansson on Server Fault
Published on 2010-12-16T12:23:05Z; indexed on 2010-12-21 10:55 UTC
I would like to have a tcpdump-like program that shows which program sent a specific packet, instead of just getting the port number. This is a generic problem I've had on and off: sometimes when you have an old tcpdump file lying around you have no way to find what program was sending that data.
The solution in "how I can identify which process is making UDP traffic on linux?" is an indication that I can solve this with auditd, dTrace, OProfile or SystemTap, but doesn't show how to do it. I.e. it doesn't show the source port of the program calling bind().
The problem I had was strange UDP packets, and since those ports are so short lived it took me a while to solve this issue. I solved this by running an ugly hack similar to:
while true; do date +%s.%N; netstat -panut; done
So either a method better than this hack, a replacement for tcpdump, or some way to get this info from the kernel so I can patch tcpdump.
EDIT: This was asked on superuser "tracking what programs sends to net", no good solution though.
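For readers who want to see what netstat -p actually does under the hood (and therefore why the polling hack only catches sockets that are still open), here is an added example that is not part of the original question. It reproduces the Linux mechanism in plain Python: /proc/net/udp lists each UDP socket's local port together with its socket inode, and /proc/<pid>/fd/<n> symlinks of the form socket:[<inode>] tie that inode to a process. The /proc/net/udp text, the fd symlink targets and the process names below are constructed sample data, and the function names (parse_proc_net_udp, attribute_port, and so on) are my own; a real run would read the live files via the helper at the bottom.

```python
"""Map a UDP source port seen in a capture back to the owning process, the way
netstat -p / ss -p resolve it on Linux (example code, not from the question).

/proc/net/udp  -> local port (hex) and socket inode per socket
/proc/<pid>/fd -> symlinks 'socket:[<inode>]' naming the owning pid
The sample data below is constructed for the example, not from a real host."""
import os
import re
import struct
from typing import Dict, Optional, Tuple

# Constructed sample of /proc/net/udp: a header line plus two sockets,
# one bound to 127.0.0.1:53 and one ephemeral port on 0.0.0.0.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 1234: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 24101 2 0000000000000000 0
 1300: 00000000:C4F2 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 24566 2 0000000000000000 0
"""

# Constructed sample of readlink() results for /proc/<pid>/fd/<fd>.
SAMPLE_FD_LINKS: Dict[Tuple[str, str], str] = {
    ("4231", "5"): "socket:[24101]",
    ("4231", "6"): "/dev/null",
    ("5120", "3"): "socket:[24566]",
}
# Constructed sample of /proc/<pid>/comm contents.
SAMPLE_COMM: Dict[str, str] = {"4231": "dnsmasq", "5120": "unknown-updater"}


def hex_to_ip(hex_ip: str) -> str:
    """/proc/net/udp stores IPv4 addresses as hex in host byte order (little-endian on x86)."""
    return ".".join(str(b) for b in struct.pack("<I", int(hex_ip, 16)))


def parse_proc_net_udp(text: str) -> Dict[int, int]:
    """Return {local_port: socket_inode} from /proc/net/udp-formatted text."""
    ports: Dict[int, int] = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        _local_ip_hex, local_port_hex = fields[1].split(":")
        ports[int(local_port_hex, 16)] = int(fields[9])   # column 9 is the inode
    return ports


def inode_to_pid(fd_links: Dict[Tuple[str, str], str]) -> Dict[int, str]:
    """Invert the fd table: socket inode -> pid that holds the descriptor."""
    out: Dict[int, str] = {}
    for (pid, _fd), target in fd_links.items():
        m = re.fullmatch(r"socket:\[(\d+)\]", target)
        if m:
            out[int(m.group(1))] = pid
    return out


def attribute_port(port: int, proc_net_udp: str,
                   fd_links: Dict[Tuple[str, str], str],
                   comm: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Resolve a UDP source port from a capture to (pid, process name).

    Returns None when no open socket holds the port, which is exactly what
    happens once a short-lived socket has been closed: the /proc view has no
    history, so a snapshot must be taken while the socket is still alive."""
    inode = parse_proc_net_udp(proc_net_udp).get(port)
    if inode is None:
        return None
    pid = inode_to_pid(fd_links).get(inode)
    if pid is None:
        return None
    return pid, comm.get(pid, "?")


def live_snapshot() -> Tuple[str, Dict[Tuple[str, str], str], Dict[str, str]]:
    """Collect the same three inputs from a running Linux host (needs root to
    see other users' fd tables). Not exercised by the constructed sample."""
    with open("/proc/net/udp") as f:
        udp_text = f.read()
    fd_links, comm = {}, {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            comm[pid] = open(f"/proc/{pid}/comm").read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                fd_links[(pid, fd)] = os.readlink(f"/proc/{pid}/fd/{fd}")
        except OSError:          # process exited or permission denied
            continue
    return udp_text, fd_links, comm


if __name__ == "__main__":
    for port in (53, 50418, 9999):
        print(port, attribute_port(port, SAMPLE_PROC_NET_UDP, SAMPLE_FD_LINKS, SAMPLE_COMM))
```

The None result for an unknown port is the whole reason the polling loop in the question is fragile: /proc only describes sockets that exist at the instant you read it, so for short-lived UDP sockets you either sample very often or use a kernel-side tracer (auditd, SystemTap) that records bind() and sendmsg() with the pid at the moment they happen.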
© Server Fault or respective owner