Unexplained Network activity - Mandriva

This is a discussion on Unexplained Network activity - Mandriva ; Mandriva 2007.0 Is there a utility/function that can tell me which process/program is actually sending/receiving data? Something is receiving data at approx 10 kB/sec and sending at about 1kB/sec, and I don't like it, 'cos nothing I am consciously doing ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Unexplained Network activity

  1. Unexplained Network activity

    Mandriva 2007.0
    Is there a utility/function that can tell me which process/program is
    actually sending/receiving data? Something is receiving data at approx
    10 kB/sec and sending at about 1kB/sec, and I don't like it, 'cos
    nothing I am consciously doing should be doing this traffic.
    netstat -tap doesn't show anything suspicious, nor does top.
    TIA
    Grimble

  2. Re: Unexplained Network activity

    On 2007-11-25, Grimble wrote:
    > Mandriva 2007.0
    > Is there a utility/function that can tell me which process/program is
    > actually sending/receiving data? Something is receiving data at approx
    > 10 kB/sec and sending at about 1kB/sec, and I don't like it, 'cos
    > nothing I am consciously doing should be doing this traffic.
    > netstat -tap doesn't show anything suspicious, nor does top.
    > TIA
    > Grimble


    "Wireshark" - a packet sniffer.

    Obvious candidates are 'Mandriva Online' looking for updates, email or
    usenet software sending or receiving messages on schedule, RSS or podcast
    software, peer-to-peer stuff, time-checks, IRC, ... or a local
    router-monitoring program or other LAN traffic.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  3. Re: Unexplained Network activity

    Whiskers wrote:

    > On 2007-11-25, Grimble wrote:
    >> Mandriva 2007.0
    >> Is there a utility/function that can tell me which process/program is
    >> actually sending/receiving data? Something is receiving data at approx
    >> 10 kB/sec and sending at about 1kB/sec, and I don't like it, 'cos
    >> nothing I am consciously doing should be doing this traffic.
    >> netstat -tap doesn't show anything suspicious, nor does top.
    >> TIA
    >> Grimble

    >
    > "Wireshark" - a packet sniffer.
    >
    > Obvious candidates are 'Mandriva Online' looking for updates, email or
    > usenet software sending or receiving messages on schedule, RSS or podcast
    > software, peer-to-peer stuff, time-checks, IRC, ... or a local
    > router-monitoring program or other LAN traffic.
    >

    If there is nothing listed with netstat -tupe it probably is layer2-traffic
    like arp requests. You may see truckloads of them when on broadband (shared
    media) directly connected to the "modem".
    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.22.9-1mdvcustom [LinuxCounter#295241,ICQ#4918962]

  4. Re: Unexplained Network activity

    Whiskers wrote:
    > On 2007-11-25, Grimble wrote:
    >> Mandriva 2007.0

    [....]
    > "Wireshark" - a packet sniffer.
    >
    > Obvious candidates are 'Mandriva Online' looking for updates, email or
    > usenet software sending or receiving messages on schedule, RSS or podcast
    > software, peer-to-peer stuff, time-checks, IRC, ... or a local
    > router-monitoring program or other LAN traffic.
    >

    Thanks Whiskers. Wireshark told me the source was a BBC internet site
    that, presumably, was continuing to push music at me despite having
    cancelled the Firefox process that I used to connect. Disabling the ADSL
    line for 10 minutes cured it.
    Grimble

  5. Re: Unexplained Network activity

    Grimble wrote:

    > Mandriva 2007.0
    > Is there a utility/function that can tell me which process/program
    > is actually sending/receiving data? Something is receiving data at
    > approx 10 kB/sec and sending at about 1kB/sec, and I don't like it,
    > 'cos nothing I am consciously doing should be doing this traffic.
    > netstat -tap doesn't show anything suspicious, nor does top.
    > TIA
    > Grimble

    Look at how you have set your firewall up (shorewall). I would advise
    that when you get to the page shorewall is on that you just
    click 'No' so that you connect to the internet when You want to and
    the internet cannot get through to you if you don't want it to.


    --
    Neil
    reverse ra and delete l
    Linux user 335851

  6. Re: Unexplained Network activity

    On 2007-11-25, Grimble wrote:
    > Whiskers wrote:
    >> On 2007-11-25, Grimble wrote:
    >>> Mandriva 2007.0

    > [....]
    >> "Wireshark" - a packet sniffer.
    >>
    >> Obvious candidates are 'Mandriva Online' looking for updates, email or
    >> usenet software sending or receiving messages on schedule, RSS or podcast
    >> software, peer-to-peer stuff, time-checks, IRC, ... or a local
    >> router-monitoring program or other LAN traffic.
    >>

    > Thanks Whiskers. Wireshark told me the source was a BBC internet site
    > that, presumably, was continuing to push music at me despite having
    > cancelled the Firefox process that I used to connect. Disabling the ADSL
    > line for 10 minutes cured it.
    > Grimble


    Perhaps the actual 'streaming' program (probably 'Real Player' if you were
    at a BBC site and you haven't changed the Mandriva Powerpack defaults) was
    left running when you closed Firefox? The command

    ps -e

    will show you all running processes (even those that don't come near the
    top in 'top'), and then you can

    kill

    to stop the errant process. (You will need to be 'root' to kill processes
    not running 'as' your current user, of course).

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  7. Re: Unexplained Network activity

    On 2007-11-25, Grimble wrote:
    > Mandriva 2007.0
    > Is there a utility/function that can tell me which process/program is
    > actually sending/receiving data? Something is receiving data at approx
    > 10 kB/sec and sending at about 1kB/sec, and I don't like it, 'cos
    > nothing I am consciously doing should be doing this traffic.
    > netstat -tap doesn't show anything suspicious, nor does top.
    > TIA
    > Grimble


    The command "lsof -i" will show you what processes have open
    sockets or connections.

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  8. Re: Unexplained Network activity

    "Robert M. Riches Jr." writes:

    >On 2007-11-25, Grimble wrote:
    >> Mandriva 2007.0
    >> Is there a utility/function that can tell me which process/program is
    >> actually sending/receiving data? Something is receiving data at approx
    >> 10 kB/sec and sending at about 1kB/sec, and I don't like it, 'cos
    >> nothing I am consciously doing should be doing this traffic.
    >> netstat -tap doesn't show anything suspicious, nor does top.
    >> TIA
    >> Grimble


    tcpdump will show you want address and port it is being sent to/received
    from and thus info about the packets.


    >The command "lsof -i" will show you what processes have open
    >sockets or connections.


    >--
    >Robert Riches
    >spamtrap42@verizon.net
    >(Yes, that is one of my email addresses.)


  9. Re: Unexplained Network activity

    On Wed, 28 Nov 2007 17:17:57 GMT, Unruh wrote:
    > "Robert M. Riches Jr." writes:
    >
    >>On 2007-11-25, Grimble wrote:

    >
    > tcpdump will show you want address and port it is being sent to/received
    > from and thus info about the packets.


    Or you you want gui, install wireshark

+ Reply to Thread