Re: Logging packet owner

hi eric, thanks for pointing out that project. it's a little much for my immediate needs, but i do see its usefulness in a larger context :)

for those who would be interested in what i did in the meantime, here's my workaround for finding the process that was issuing rogue dns queries:
1. log and allow outgoing DNS packets
2. deny incoming DNS packets
   - hopefully the process waits around long enough for a response
3. issue lsof -n -i UDP:53 as soon as the outgoing log message hits
   - the -n is important or it can hang waiting for DNS as well :)
4. ps fax is a good idea if it's not obvious what the parent process is


good luck out there,
jlg
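The procedure above can be scripted instead of racing `lsof` by hand. The following is an added example, not code from the thread or from any of the projects mentioned in it: it takes an iptables LOG line for an outbound UDP/53 packet, looks up the packet's source port in `/proc/net/udp` to get the socket inode, and then resolves that inode to the owning PID the same way `lsof` does (by scanning `/proc/*/fd`). The log line and the `/proc/net/udp` content embedded below are constructed for illustration; the `DNS-OUT:` prefix assumes a LOG rule of the form `iptables -A OUTPUT -p udp --dport 53 -j LOG --log-prefix "DNS-OUT: "`, with an `INPUT` DROP rule for `--sport 53` keeping the socket open long enough to be found.

```python
"""
Added example (not from the original thread): correlate an iptables LOG line
for an outbound UDP/53 packet with the local process that owns the sending
socket. This is the /proc-based equivalent of `lsof -n -i UDP:53`.
"""
import os
import re
from typing import Callable, Dict, Optional

# Constructed iptables LOG line; the "DNS-OUT:" prefix is an assumed --log-prefix.
SAMPLE_LOG_LINE = (
    "Dec 11 22:34:01 host kernel: DNS-OUT: IN= OUT=eth0 SRC=192.168.1.10 "
    "DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=UDP "
    "SPT=41234 DPT=53 LEN=40"
)

# Constructed /proc/net/udp content. Addresses are little-endian hex, so
# 0A01A8C0:A112 is 192.168.1.10 bound to local port 41234 (0xA112).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  100: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 ffff88003b0c3c00 0
  101: 0A01A8C0:A112 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 67890 2 ffff88003b0c3d00 0
"""

LOG_FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_log_line(line: str) -> Dict[str, str]:
    """Pull the KEY=VALUE fields we care about out of a netfilter LOG line."""
    return dict(LOG_FIELD_RE.findall(line))


def find_udp_socket_inode(proc_net_udp: str, local_port: int) -> Optional[int]:
    """Return the inode of the UDP socket bound to local_port, or None.

    Column layout of /proc/net/udp: sl, local_address, rem_address, st,
    tx_queue:rx_queue, tr:tm->when, retrnsmt, uid, timeout, inode, ...
    """
    for line in proc_net_udp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        _, port_hex = fields[1].rsplit(":", 1)
        if int(port_hex, 16) == local_port:
            return int(fields[9])
    return None


def find_pid_for_inode(inode: int, proc_root: str = "/proc") -> Optional[int]:
    """Scan /proc/<pid>/fd for a symlink to socket:[inode] (needs root to see
    other users' processes). Returns the first matching PID or None."""
    target = f"socket:[{inode}]"
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                try:
                    if os.readlink(os.path.join(fd_dir, fd)) == target:
                        return int(entry)
                except OSError:
                    continue
        except OSError:  # process exited or fd dir not readable
            continue
    return None


def owner_of_logged_packet(
    log_line: str,
    proc_net_udp: str,
    inode_to_pid: Callable[[int], Optional[int]] = find_pid_for_inode,
) -> Optional[int]:
    """Map a LOG line for an outbound DNS query to the PID that sent it.
    Returns None if the line is not UDP/53 or the socket is already gone."""
    fields = parse_log_line(log_line)
    if fields.get("PROTO") != "UDP" or fields.get("DPT") != "53":
        return None
    inode = find_udp_socket_inode(proc_net_udp, int(fields["SPT"]))
    if inode is None:
        return None
    return inode_to_pid(inode)


if __name__ == "__main__":
    # Live use: feed a real LOG line and the current /proc/net/udp.
    with open("/proc/net/udp") as f:
        print(owner_of_logged_packet(SAMPLE_LOG_LINE, f.read()))
```

The lookup only succeeds while the sending socket is still open, which is exactly why the message above drops the DNS replies: an unanswered query keeps the socket around for the resolver's timeout instead of closing it microseconds after the packet leaves. Once the PID is known, the parent chain (`ps fax` in the thread) tells you what launched it.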

Eric Leblond wrote:

On Thu 11/12/2003 at 22:34, John E. Leon Guerrero wrote:


Hi folks, I browsed the last 7 months of archives and didn't see this question addressed.

Are there plans to allow logging the packet owner? For example, I get rogue DNS requests emanating from my workstation and I'd like to know which process is doing this.



you can do full user filtering and activity logging with the nufw project which is based on netfilter: http://www.nufw.org/ Complete logging of dropped packets will be available in the next release (0.6.1), which is planned to be available on Monday (code is in cleaning and testing phase).

BR,
