识别DNS请求的PID源(Windows XP) [英] Identifying PID source of DNS request (Windows XP)

问题描述

我希望确定发出DNS请求的过程.查看查询可以给我一个提示，但并不能帮助我确定确切的过程.

I wish to identify the process that is making DNS requests. Looking at the query gives me a clue, but doesn't help me identify the exact process.

我可以在Wireshark中看到本地端口号，但是请求太短暂而无法被TCPView接收.

I can see the local port number in Wireshark, but the request is too transient to be picked up by TCPView.

是否有一个日志记录工具可以捕获DNS请求和PID?

Is there a logging tool which will catch DNS requests and PID?

推荐答案

Sysinternals的进程监视器" 将为您提供所需的内容.将捕获限制为仅网络活动，您将看到该活动以及PID和进程名称.该操作将是 UDP发送，并且路径将读取如下内容: pc-host-name:port-> dns-server:domain (注意:domain"表示DNS的端口53).进程名称和pid将在左侧.

Process Monitor from Sysinternals will give you what you want. Limit the capture to just network activity and you'll see the activity along with the PID and process name. The operation will be UDP Send and the path will read something like this: pc-host-name:port -> dns-server:domain (note ":domain" indicates port 53 for dns). The process name and pid will be on the left.

首先，我建议使用Netmon 3.4(来自Microsoft)，因为它将显示进程名称和pid(需要将pid添加为一列).但是，这对我来说似乎很麻烦，因为大多数流量没有使用进程名称/pid进行标记.我不确定为什么会这样，但它可能对您有用.

At first I was going to recommend using Netmon 3.4 (from Microsoft) as this will show the process name and pid (pid needs to be added as a column). However, this seemed to have trouble for me as most of the traffic was not tagged with with the process name/pid. I'm not sure why this was the case but it may work for you.

这篇关于识别DNS请求的PID源(Windows XP)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！