How do I find out which service is making this request?
It's making the requests a lot. Like multiple times a second. I've got a tcpdump and wireshark that shows the info, but I don't know how to find out which process is making the request.
Ok. More info. Sorry
These are all internal to our network. From the network logs on the DNS server I saw that I was getting multiple requests from one of our servers for a dns lookup.
After ssh'ing into the server and running tcpdump -nt udp port 53 and host our dns server ip I can see that indeed this machine is making multiple requests per second for a lookup of an address that is clearly a typo: a-vvs1-s33-1.domain.com.domain.com
I'm trying to isolate which process is making the request.
31 Answer
Does running lsof -i on the requesting server help you find the process making all of the requests?
$ sudo lsof -i # Show all services with open ports
$ sudo lsof -i ":53" -P # Limit to all services on port 53lsof shows open files. lsof's -i flag limits the results to those with Internet addresses (ie: open sockets). You can further restrict the list of processes returned by giving -i a restriction. In the second example, :53 stands for port 53, and the -P flag tells lsof not to convert the port number to a string representing what that port is used for by default (ie: dhcp, ssh, https, etc).
Note: Port 53 is typically used for DNS traffic.
1
