Port 32512 DNS queries

 
 
rubylips
Guest
Posts: n/a

 
      12-20-2004, 08:17 PM
When I monitor the UDP packets sent to my Linux box, I find it is flooded
with replies from DNS servers to queries (inverse look-ups on the IP
addresses of the DNS servers listed in /etc/resolv.conf) issued from port
32512 on my machine. Does anyone know of a Linux client process that runs
from port 32512? The flood of messages starts as soon as I log on. I don't
have to start any client apps other than Terminal windows. Nothing is listed
against 32512 in /etc/services and I can't find any information on Google.

Thanks in advance



 
 
 
 
 
Marco Benton - BOFH
Guest
Posts: n/a

 
      12-20-2004, 09:28 PM

rubylips wrote:
| When I monitor the UDP packets sent to my Linux box, I find it is flooded
| with replies from DNS servers to queries (inverse look-ups on the IP
| addresses of the DNS servers listed in /etc/resolv.conf) issued from port
| 32512 on my machine. Does anyone know of a Linux client process that runs
| from port 32512? The flood of messages starts as soon as I log on. I don't
| have to start any client apps other than Terminal windows. Nothing is listed
| against 32512 in /etc/services and I can't find any information on Google.
|
| Thanks in advance
|
|
|

Is this port still in use after a reboot? Usually DNS transfers use
high port numbers with port 53 being to the server.

- --

Marco Benton - BOFH, BSMFH

BOFH excuse #448: The cause of the problem is: greenpeace free'd the mallocs

 
Chris 'Saundo' Saunderson
Guest
Posts: n/a

 
      12-21-2004, 02:16 AM
On Mon, 20 Dec 2004 21:17:36 +0000, rubylips wrote:

> When I monitor the UDP packets sent to my Linux box, I find it is flooded
> with replies from DNS servers to queries (inverse look-ups on the IP
> addresses of the DNS servers listed in /etc/resolv.conf) issued from port
> 32512 on my machine. Does anyone know of a Linux client process that runs
> from port 32512? The flood of messages starts as soon as I log on. I don't
> have to start any client apps other than Terminal windows. Nothing is listed
> against 32512 in /etc/services and I can't find any information on Google.
>
> Thanks in advance


There isn't a specific service that runs on 32512, but your resolver could
be opening sockets using that port to resolve names. Do you see outbound
traffic *from* your Linux box to those nameservers? Is it coming from
32512?

Saundo

--
Chris "Saundo" Saunderson (E-Mail Removed)
Unix/CCNA/CCDA Guy Powered by Linux and the Orb.

 
 
rubylips
Guest
Posts: n/a

 
      12-21-2004, 09:23 PM
"Chris 'Saundo' Saunderson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 20 Dec 2004 21:17:36 +0000, rubylips wrote:
>
>> When I monitor the UDP packets sent to my Linux box, I find it is flooded
>> with replies from DNS servers to queries (inverse look-ups on the IP
>> addresses of the DNS servers listed in /etc/resolv.conf) issued from port
>> 32512 on my machine. Does anyone know of a Linux client process that runs
>> from port 32512? The flood of messages starts as soon as I log on. I don't
>> have to start any client apps other than Terminal windows. Nothing is listed
>> against 32512 in /etc/services and I can't find any information on Google.
>>
>> Thanks in advance
>
> There isn't a specific service that runs on 32512, but your resolver could
> be opening sockets using that port to resolve names. Do you see outbound
> traffic *from* your Linux box to those nameservers? Is it coming from
> 32512?
>
> Saundo
>
> --
> Chris "Saundo" Saunderson (E-Mail Removed)
> Unix/CCNA/CCDA Guy Powered by Linux and the Orb.
>


I've solved the problem. I'd written my own UDP sniffer which, when it read
the source address from the IP header, would call gethostbyaddr() in order
to find the domain name. Of course, the call to gethostbyaddr() would
generate a further UDP message, so the process ended up in an infinite loop!

Thanks for your help


 
Reply With Quote
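The feedback loop described in the last post, shown as an added example that is not part of the original thread or the poster's sniffer: a guard that skips resolver traffic (UDP port 53) and looks up each source address at most once, run against a small model of the loop. The names `should_resolve`, `simulate` and `make_udp`, the documentation-range addresses, and the assumption that every lookup brings exactly one DNS reply back to the sniffer are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_PORT 53
static uint32_t seen[64]; static size_t seen_count;  /* sources already looked up */

/* Build a bare IPv4+UDP header (constructed sample input, no payload). */
static size_t make_udp(uint8_t *b, const uint8_t src[4], uint16_t sport, uint16_t dport) {
    memset(b, 0, 28);
    b[0] = 0x45; b[9] = 17;        /* IPv4, IHL 5, protocol UDP */
    memcpy(b + 12, src, 4);
    b[20] = sport >> 8; b[21] = sport & 0xff;
    b[22] = dport >> 8; b[23] = dport & 0xff;
    return 28;
}

/* Return 1 if a reverse lookup should be issued for this packet's source. */
int should_resolve(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || p[9] != 17) return 0;  /* not IPv4/UDP */
    uint16_t sport = (uint16_t)(p[ihl] << 8 | p[ihl + 1]);
    uint16_t dport = (uint16_t)(p[ihl + 2] << 8 | p[ihl + 3]);
    if (sport == DNS_PORT || dport == DNS_PORT) return 0;   /* resolver traffic */
    uint32_t src; memcpy(&src, p + 12, 4);
    for (size_t i = 0; i < seen_count; i++)
        if (seen[i] == src) return 0;                       /* resolved before */
    if (seen_count < 64) seen[seen_count++] = src;
    return 1;
}

/* Model (assumption): each lookup makes one DNS reply arrive at the sniffer. */
int simulate(int guarded, int budget) {
    const uint8_t host[4] = {192, 0, 2, 10}, ns[4] = {192, 0, 2, 53};
    uint8_t pkt[28];
    int lookups = 0, pending = 1;  /* one ordinary packet starts it */
    size_t len = make_udp(pkt, host, 40000, 9999);
    for (seen_count = 0; pending > 0 && budget > 0; budget--, pending--) {
        if (guarded && !should_resolve(pkt, len)) continue;
        lookups++; pending++;      /* our own query's reply comes back */
        len = make_udp(pkt, ns, DNS_PORT, 32512);
    }
    return lookups;
}

int main(void) {
    printf("naive: %d lookups, guarded: %d\n", simulate(0, 1000), simulate(1, 1000));
    return 0;
}
```

Without the guard the lookup count is limited only by the packet budget; with it, a single ordinary packet causes a single lookup. Not resolving names during capture at all, as `tcpdump -n` does, avoids the problem entirely.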
 
 
 