Hi folks,
I'm generating spurious DNS requests from a
variety of (closed) ephemeral ports. By the time I identify
the port with tcpdump or snort or ethereal the request has
been made, answered and the port closed. So I'd like to
trace the connection back to its source program/process.
The necessary info isn't present in a pcap dump. So what
else is there? Any alternative approaches? Any suggestions
welcome.
b.
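
One way to recover the ownership information a pcap lacks, as an added example that is not part of the original post: assuming a Linux host, `/proc/net/udp` lists each IPv4 UDP socket with its owning uid and inode, and the `/proc/<pid>/fd` symlinks map that inode to a process. The sample table and all function names are constructed for illustration.

```python
import os
import re

# Constructed sample in the /proc/net/udp layout (trailing columns omitted; not captured data).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111
  202: 0F0200C0:C350 010200C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 22222
"""

def decode_addr(hexaddr):
    """'010200C0:0035' -> ('192.0.2.1', 53); the IPv4 part is little-endian hex."""
    ip_hex, port_hex = hexaddr.split(":")
    return ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)), int(port_hex, 16)

def dns_sockets(table_text, dns_port=53):
    """UDP sockets connect()ed to dns_port; unconnected senders show remote port 0."""
    found = []
    for line in table_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and decode_addr(f[2])[1] == dns_port:
            found.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                          "uid": int(f[7]), "inode": int(f[9])})
    return found

def inode_owners(proc_root="/proc"):
    """Map socket inode -> set of pids by reading each /proc/<pid>/fd symlink."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited mid-scan, or we lack permission (run as root)
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(pid))
    return owners

def attribute(table_text, proc_root="/proc"):
    """(local port, uid, pids) per DNS socket; uid is known even if the pid scan loses the race."""
    owners = inode_owners(proc_root)
    return [(s["local"][1], s["uid"], sorted(owners.get(s["inode"], ())))
            for s in dns_sockets(table_text)]

if __name__ == "__main__":  # one snapshot; poll in a loop to catch short-lived sockets
    with open("/proc/net/udp") as fh:
        print(attribute(fh.read()))
```

A single snapshot can still miss a socket that opens and closes between polls, so the uid column is often the first usable lead.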