Thursday Jun 21, 2007

UDP process finder

Ever had your system constantly transmitting network packets, and had a hard time finding out who or why?

Recently my system was sending loads and loads of DNS requests for a system I knew not to be on the network (an old system of mine that had been decommissioned). I saw the DNS requests with snoop(1m), but had no idea which process was doing the job.

Enter dtrace. 15 seconds of experimentation: first, look to see if there are functions being called with "udp" in their name:

dtrace -n 'fbt::*udp*:entry'

Yes, there certainly are. OK, modify the above to suppress the default per-probe output with -q, and add what I'm interested in, straight out of the built-in variables (the function name, the process name, and its pid):

dtrace -q -n 'fbt::*udp*:entry{printf("%s from %s(%d)\n", probefunc, execname, pid);}'

(Turns out it was automountd. A quick service disable/enable, and it stopped.) Another mysterious system behavior immediately found with dtrace.
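The same idea as a D script that aggregates instead of printing every call, so a chatty sender stands out at a glance (an added example, not from the original post; it assumes a Solaris-style dtrace with the fbt provider, and the 10-second window and column widths are arbitrary choices):

```d
#!/usr/sbin/dtrace -s
/* Added example, not the post's own code. Assumes the fbt provider is
 * available, as on Solaris. Counts kernel "udp" function entries per
 * process for 10 seconds, then prints the totals and exits. */
#pragma D option quiet

dtrace:::BEGIN
{
        printf("Counting kernel UDP function entries per process for 10s...\n");
}

/* Same probe the one-liner used; every match is attributed to the
 * process that was on-CPU when the kernel function was entered. */
fbt::*udp*:entry
{
        @calls[execname, pid, probefunc] = count();
}

/* Print the aggregation sorted ascending by count (noisiest last). */
tick-10s
{
        printf("%-16s %6s %-28s %s\n", "EXEC", "PID", "FUNC", "COUNT");
        printa("%-16s %6d %-28s %@d\n", @calls);
        exit(0);
}
```

Run it as root with `dtrace -s udp_who.d` (file name arbitrary); a process such as automountd hammering a dead DNS server shows up with a far larger count than anything else.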
