How can I figure out what is calling a recurring command?
I first noticed that an unusual network request was flooding my pihole logs. Then checking wireshark
and tcpdump
I could see it there too. It is happening about every 5 seconds or so, but not consistently. I would like to know what is making this network call? It is on an Arch Linux box. I’ve managed to find out the program name (dig
) by running watch 'sudo netstat -utenp | grep
, but the PID changes every time. So how can I figure out what is calling dig
so much if the PID keeps changing? I have also checked cron
, it’s nothing in there. I’ve also checked all of my systemd timers and other running services. I don’t see anything suspicious, but maybe I missed something. Any ideas where else I might check?