Loging the process ID of outgoing packages in the Linux kernel Netfilter component

Abstract

Within the frame of this paper, the author describes the network structure of the Linux kernel, the existing methods for monitoring packets, and an implementation that he uses to include the ID of the process sending the packet in the kernel log when using the IPtables LOG target. It also provides a concrete example of how the implementation helps monitor PHP scripts on the Apache web server.