Reputation: 1390
track source of IGMP query
I have some igmp query that comes each 2 minutes out of bond0 interface.
IP 0.0.0.0 > 224.0.0.1: igmp query v2.
Is it possible to track which process/programm is making this query?
From the checking I found that the source MAC address of the query is the mac address of bond0 address.
Since this query takes a couple CPU cycles, I am not sure I will find it in ps or netstat. I think I need some tracking tool like perf or systemtap. I am new in the world of debugging and tracking, so I need some help to find a correct command and parametrs.
Thanks.
Upvotes: 1
Views: 2557
Answers (1)
Reputation: 3146
As you probably know IGMP works on layer 3 so it maybe a bit tricky. It doesn't have to bind between a port and process id.
You have to use a combination of these tools:
tcpdump (to be certain IGMP is being sent out)
netstat -avnp
ps -ef | fgrep <pid>
lsof
While you do the tcpdump, I suggest making an aggressive ps -ef monitor
while [[ true ]]; do
ps -ef >> /tmp/ps.out
netstat -natp | grep 234.55.55.55 >> /tmp/netstat.out
sleep .5
done
You would then need to do process of elimination.
Upvotes: 1
Related Questions
- How can I enable IGMP Snooping in OpenWRT?
- Router Alert options on IGMPv2 packets
- Find the interface used by a connected socket
- IGMPv2 flood source detection
- Sniffing IGMP messages on the local network
- Setting IGMP Version in RedHat 5.1 (Tikanga)
- Centos 6.3 Server ignoring IGMP Queries
- Query the IP of the interface that will be used for a connection to a certain target
- Multicast Join on Linux and IGMPv3
- Determine source of network traffic on Ubuntu