Is it possible to check which application is requesting specific port in a debian server? I'm getting a ton of these in iptraf:
x x UDP (77 bytes) from 172.16.0.2:25748 to 212.59.1.1:53 on eth0
x x UDP (105 bytes) from 212.59.1.1:53 to 172.16.0.2:25748 on eth0
x x UDP (77 bytes) from 172.16.0.2:15956 to 212.59.1.1:53 on eth0
x x UDP (93 bytes) from 212.59.1.1:53 to 172.16.0.2:15956 on eth0
x x UDP (77 bytes) from 172.16.0.2:64869 to 212.59.1.1:53 on eth0
x x UDP (105 bytes) from 212.59.1.1:53 to 172.16.0.2:64869 on eth0
x x UDP (77 bytes) from 172.16.0.2:27489 to 212.59.1.1:53 on eth0
x x UDP (93 bytes) from 212.59.1.1:53 to 172.16.0.2:27489 on eth0
x x UDP (77 bytes) from 172.16.0.2:32834 to 212.59.1.1:53 on eth0
x x UDP (105 bytes) from 212.59.1.1:53 to 172.16.0.2:32834 on eth0
x x UDP (77 bytes) from 172.16.0.2:31633 to 212.59.1.1:53 on eth0
x x UDP (93 bytes) from 212.59.1.1:53 to 172.16.0.2:31633 on eth0
x x UDP (55 bytes) from 172.16.0.2:31892 to 212.59.1.1:53 on eth0
x x UDP (83 bytes) from 212.59.1.1:53 to 172.16.0.2:31892 on eth0
172.16.0.2 is the internal IP (using dummy package) of virtual machine inside xen (which I'm monitoring right now - this snippet is from 172.16.0.2 machine), 212.59.1.1 is my ISP DNS server.
Is it possible to see which application/PID is making these requests? Or is this a normal behaviour? Investigating this because I might be flooding myself by those request, even losing my network connectivity.