2
1
I tried looping with netstat, but the packets are small and not frequent, so they do not get caught (I can still see them with tcpdump). I need to know which process sends those packets.
1
Check tcpdump for the source port number of the packets. Then run
sudo netstat -a -u -n --program
Look for the PID/Program name matching the source port number.
This assumes that the sending process is leaving its socket open between sends, which is what any normal program would do. If you are dealing with a program that is deliberately trying to hide itself, that's a whole different story.
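The same port-to-PID lookup can be done directly against /proc and polled much faster than a netstat loop; the following is an added example, not part of the original answer. It reads the UDP socket tables for the source port seen in tcpdump, takes the socket inode, and finds which process holds a file descriptor on it. Assumptions: Linux, UDP traffic (as implied by the -u flag above), run as root; the function names and the sample table are constructed for illustration, and like netstat it only finds a socket that is open at the moment of the scan.

```python
import os, re

def udp_inodes_for_port(table_text, port):
    """Socket inodes bound to local `port` in /proc/net/udp-format text."""
    inodes = set()
    for line in table_text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        local_port = int(f[1].rsplit(":", 1)[1], 16)    # field is HEXIP:HEXPORT
        if local_port == port and f[9] != "0":          # f[9] is the socket inode
            inodes.add(f[9])
    return inodes

def pids_holding(inodes, proc_root="/proc"):
    """pid -> command name for every process with an fd on one of `inodes`."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, fd)))
                if m and m.group(1) in inodes:
                    with open(os.path.join(proc_root, pid, "comm")) as fh:
                        owners[int(pid)] = fh.read().strip()
        except OSError:      # process exited mid-scan, or fd dir unreadable (not root)
            continue
    return owners

def who_sends_from(port, proc_root="/proc"):
    inodes = set()
    for table in ("udp", "udp6"):                       # IPv4 and IPv6 socket tables
        path = os.path.join(proc_root, "net", table)
        if os.path.exists(path):
            with open(path) as fh:
                inodes |= udp_inodes_for_port(fh.read(), port)
    return pids_holding(inodes, proc_root)

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  412: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   107        0 18231 2 0000000000000000 0
  977: 0100007F:D431 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 40522 2 0000000000000000 0
"""
if __name__ == "__main__":
    import sys, time
    # argv[1] is the source port seen in tcpdump; poll until a holder shows up
    while not (hits := who_sends_from(int(sys.argv[1]))):
        time.sleep(0.02)
    print(hits)
```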
0
I guess it should be possible with the QUEUE target in iptables. But you'd need to write a userspace application to "check" those packets (and this application could help you to know which process sends those packets). Sorry, I haven't got more details.
Have you tried the iptables --log-uid option? – Cougar – 2012-03-22T08:39:26.040