How can I tell what process is sending a UDP traffic using bpftrace ?

Solution Verified - Updated -

Issue

  • DNS server is being decommissioned but is still receiving queries. We need to know what processes are sending the messages so they can be restarted without having to restart all our applications or reboot the system
  • We see a large flood of DNS queries leaving this system. How to tell which process is sending DNS queries?

Environment

  • Red Hat Enterprise Linux 8 and above
  • IPv4 and IPv6
  • bpftrace
  • UDP

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content