1st July 2009
Bruco
See what process is generating DNS traffic?

Hello, all.

I have a FreeBSD box sitting at one of my company's locations. It doesn't do much:

It runs a script every 10 minutes that pings some IPs (not hostnames).

It runs arpwatch (which doesn't see much action, there are rarely new devices plugged into the network).

It runs syslogd and captures syslog output from a Cisco ASA.

The box has a static IP, so I've defined a DNS server (at another site) in /etc/resolv.conf.

The problem I'm having is that when I look at my syslogs from the Cisco ASA, I see that the FreeBSD box is generating thousands and thousands of UDP connections to port 53 on the DNS server. And I do mean thousands.

Now, these are obviously DNS requests of some kind. It's port 53 on a DNS server after all. And if I comment out the DNS server IP in /etc/resolv.conf, the traffic stops.

If I run tcpdump while it's going on I can see the packets. Every other one says something about NXDomain - which if I'm not mistaken has something to do with an invalid domain. So, thousands of invalid domain errors, perhaps?

I won't pretend to be able to fully decipher the output from tcpdump, but if I could at least nail down what it is that's CAUSING the traffic I might start to understand where it's coming from and why!

So, two questions. First, does anyone know what might be causing this traffic? And second, is there a way I can actually determine what process is generating the traffic?
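
As an added example (not part of the original post): one way to decipher the tcpdump output described above is to tally which names are being looked up and how many of those lookups come back NXDomain, since the names usually narrow down which program is asking. The function name `dns_summary`, the sample lines and the addresses are constructed for illustration, and the script assumes the classic `tcpdump -n` text format shown in its comments.

```shell
#!/bin/sh
# Added example. Assumes the classic `tcpdump -n` text decoding of DNS:
#   query:    TIME IP CLIENT.PORT > SERVER.53: ID+ TYPE? NAME (LEN)
#   response: TIME IP SERVER.53 > CLIENT.PORT: ID NXDomain 0/1/0 (LEN)

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 192.0.2.10.40001 > 198.51.100.53.53: 1001+ PTR? 7.2.0.192.in-addr.arpa. (41)
10:00:00.010001 IP 198.51.100.53.53 > 192.0.2.10.40001: 1001 NXDomain 0/1/0 (96)
10:00:01.000001 IP 192.0.2.10.40002 > 198.51.100.53.53: 1002+ PTR? 7.2.0.192.in-addr.arpa. (41)
10:00:01.010001 IP 198.51.100.53.53 > 192.0.2.10.40002: 1002 NXDomain 0/1/0 (96)
10:00:02.000001 IP 192.0.2.10.40003 > 198.51.100.53.53: 1003+ A? host.example. (30)
10:00:02.010001 IP 198.51.100.53.53 > 192.0.2.10.40003: 1003 1/0/0 A 192.0.2.80 (46)
EOF
}

# Reads tcpdump text on stdin; prints "QUERIES NXDOMAIN TYPE NAME" per name,
# most frequently queried name first.
dns_summary() {
    awk '
    $5 ~ /\.53:$/ {                       # packet sent to port 53: a query
        for (i = 7; i < NF; i++) if ($i ~ /\?$/) {
            id = $6; sub(/[^0-9].*$/, "", id)   # drop flags such as "+"
            qtype = $i; sub(/\?$/, "", qtype)
            name = qtype " " $(i + 1)
            asked[name]++
            pending[$3 "/" id] = name     # key: client addr.port and query id
            break
        }
        next
    }
    $3 ~ /\.53$/ {                        # packet sent from port 53: a reply
        id = $6; sub(/[^0-9].*$/, "", id)
        client = $5; sub(/:$/, "", client)
        key = client "/" id
        if (key in pending) {
            if ($7 ~ /^NXDomain/) nx[pending[key]]++
            delete pending[key]
        }
    }
    END { for (n in asked) printf "%d %d %s\n", asked[n], nx[n] + 0, n }
    ' | sort -k1,1nr -k3
}

sample_capture | dns_summary
```

On a live host, pipe the output of `tcpdump -n udp port 53` (or a saved capture read with `tcpdump -n -r`) into `dns_summary` in place of the sample.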
