Hello. I am running BIND-9.3.4-P1.1 on Debian stable. I find continuous traffic from my machine to my ISP's DNS. Wireshark shows that the packets being sent have my network card's MAC address, so I conclude that this traffic is being generated by some process on my machine.

I want to know whether there is a way to figure out which process/application is generating a packet on a Linux machine. A crude way would be to stop the running processes one by one and figure out which process was generating the traffic, but I do not intend to follow this method and want to know what triggered this scenario.

It might be possible that some other machine on the subnet (served by a switch and not a hub) is generating these packets. If this is true, and if the switch is sane, I should not see the DNS query packets but only the response packets, right?

I tried to use the fuser command [ fuser 34423/udp ] to figure out whether I can get the owner/process of the port number from which the DNS queries are being sent. The source port range being used is 34420-25.

In general, is there a way to figure out which packet is generated by which process, if indeed the packet is generated locally?

Thank you.

-- best regards, Alan.
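The question above asks how to get from a UDP source port to the process that owns it. The following is an added example, not part of Alan's post, showing the mechanism that netstat -p, ss -p, fuser -n udp and lsof -i all rely on: /proc/net/udp lists every bound UDP socket together with its inode number, and each process exposes its open sockets as /proc/<pid>/fd/<n> symlinks of the form socket:[inode]. Joining the two tables gives the owning pid. The script assumes Python 3 on a Linux host with a normal /proc; the /proc/net/udp sample embedded in it is constructed for the example, not a real capture, and the port 34423 is the one from the post.

```python
#!/usr/bin/env python3
"""Map a local UDP source port to the owning process by joining
/proc/net/udp (port -> socket inode) with /proc/<pid>/fd (inode -> pid).
Added example for the question above; IPv6 sockets live in /proc/net/udp6
and would need the same treatment with 128-bit addresses."""
import os
import socket
import struct
import sys
from collections import namedtuple

UdpSocket = namedtuple("UdpSocket", "local_ip local_port uid inode")

# Constructed sample of /proc/net/udp as a little-endian x86 host prints it
# (not a real capture). Ports are plain hex: 0x0035 == 53, 0x8677 == 34423.
# The address column is the 32-bit address in host byte order, so on x86
# 0100007F is 127.0.0.1 and 0F02000A is 10.0.2.15.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  53: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 12345 2 00000000 0
 106: 0F02000A:8677 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 67890 2 00000000 0
"""


def hex_to_ipv4(hex_addr):
    """Decode the /proc/net/udp address column (a host-order u32 in hex)."""
    return socket.inet_ntoa(struct.pack("=I", int(hex_addr, 16)))


def parse_proc_net_udp(text):
    """Parse /proc/net/udp contents into UdpSocket records; the header is skipped.
    Column order: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ..."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        ip_hex, port_hex = fields[1].split(":")
        sockets.append(UdpSocket(local_ip=hex_to_ipv4(ip_hex),
                                 local_port=int(port_hex, 16),
                                 uid=int(fields[7]),
                                 inode=int(fields[9])))
    return sockets


def inodes_for_port(sockets, port):
    """Socket inodes bound to the given local UDP port (more than one is possible)."""
    return [s.inode for s in sockets if s.local_port == port]


def match_fd_links(fd_links, inodes):
    """Given {pid: [readlink targets of /proc/<pid>/fd/*]}, return the pids that
    hold any of the socket inodes. Kept pure so it can be tested without live sockets."""
    targets = {"socket:[%d]" % inode for inode in inodes}
    return sorted(pid for pid, links in fd_links.items() if targets.intersection(links))


def collect_fd_links(proc="/proc"):
    """Walk /proc/<pid>/fd for every process we may inspect. Without root, other
    users' processes fail with EACCES and are skipped, so an empty result usually
    means 'run as root', not 'no local owner'."""
    fd_links = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc, entry, "fd")
        try:
            names = os.listdir(fd_dir)
        except OSError:
            continue
        links = []
        for name in names:
            try:
                links.append(os.readlink(os.path.join(fd_dir, name)))
            except OSError:  # fd closed between listdir and readlink
                pass
        fd_links[int(entry)] = links
    return fd_links


def process_cmdline(pid, proc="/proc"):
    """Best-effort command line of a pid, '?' if it vanished or is unreadable."""
    try:
        with open(os.path.join(proc, str(pid), "cmdline"), "rb") as f:
            return f.read().replace(b"\0", b" ").strip().decode(errors="replace") or "?"
    except OSError:
        return "?"


def find_udp_port_owner(port, proc="/proc"):
    """Live lookup: {pid: cmdline} for processes holding a UDP socket on local `port`.
    Returns {} when no socket is bound any more: a stub resolver's query socket
    only lives for the duration of one lookup, so a snapshot can simply miss it."""
    with open(os.path.join(proc, "net", "udp")) as f:
        inodes = inodes_for_port(parse_proc_net_udp(f.read()), port)
    if not inodes:
        return {}
    return {pid: process_cmdline(pid, proc)
            for pid in match_fd_links(collect_fd_links(proc), inodes)}


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 34423
    owners = find_udp_port_owner(port)
    if not owners:
        print("no process holds UDP port %d right now (socket closed, or rerun as root)" % port)
    for pid, cmd in owners.items():
        print("udp/%d is held by pid %d: %s" % (port, pid, cmd))
```

Run it as root (sudo python3 udpowner.py 34423) while the traffic is in progress; the packaged equivalents are fuser -n udp 34423, netstat -unp and lsof -i udp:34423, which do the same join. Because the source ports in the post move through a small range (34420-25), the sockets are probably opened per query and closed again, so a one-shot lookup may find nothing; running the lookup in a tight loop, or watching netstat -unp repeatedly, is the way to catch them.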
