[Novalug] Finding PID That Is Querying DNS

Bernie Hoefer LUG-Member@TheMoreIKnow.info
Wed Oct 3 12:25:02 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ben Creitz wrote:
===
> Is it true that we don't know from the tcpdump output whether those
> DNS messages are TCP or UDP, and that it is possible that DNS queries
> could be either?
===
     Yes, the traffic is definitely UDP.  I've run tcpdump with the "-v"
option and it shows the traffic as UDP.  Thanks for your suggestion.

- --
Bernie Hoefer
PGP e-mail is welcome!  Get my 1024 bit signature key from:
<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x446A6F93>.
"The more I know, the more I realize how much I do not understand."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFHA8JackGmqURqb5MRAt6XAJ96ppEOVWdXMvkK1buE9vKXuJoKDgCeMGWp
2TgEmtpb0Ziejupp6+XMrZQ=
=+7Y1
-----END PGP SIGNATURE-----


