How to identify PID of process that is generating lots of ICMP ping requests?

Question

I have a box that is generating lots of outgoing ICMP requests. I am able to see a few happening every second with tcpdump -nni ens192 icmp. However, I don't have anyway of tracing these back to the PID that is causing them. Any thoughts?

score 0 · Answer 1 · answered Jul 27 '18 at 16:30

Try the command

ss -npa | grep -e '???' -e icmp

I get this result while running ping:

???     UNCONN  0    0    0.0.0.0:1 0.0.0.0:* users:(("ping",pid=7174,fd=3)) 
icmp6   UNCONN  0    0    *:58      *:*       users:(("ping",pid=7174,fd=4))

While there are different ways to send ICMP packets, it is worth a try.

score 0 · Answer 2 · answered Aug 10 '18 at 08:36

0

use ss

 ss -apw |grep icmp

answer:

UNCONN     0      0    *:icmp   *:*  users:(("ping",19122,3))

answered Aug 10 '18 at 08:36

zersh

161
2

How to identify PID of process that is generating lots of ICMP ping requests?

2 Answers2