Need to find out which process is using network

schwim · 2019-01-16 19:38:24

Hi there everyone!

I'm noticing that all of a sudden, something is using a bit of network resources and I'd like to find out what is doing it when the OS should be idle. It's not a lot when it happens(15-150 kbps DL & around 20-30 UL) but it's not the amount that I"m concerned with, it's that something is sending and receiving data when in the past, it didn't . I've tried shutting down all of my applications and making sure they were shut down via htop but the transfer continues.

I tried using nethogs but even via sudo, I'm told that it failed creating socket while establishing local IP(perhaps because I'm using BL in a VM?).

Any suggestions would be greatly appreciated.

Thanks for your time!

johnraff · 2019-01-17 02:35:18

You might try the 'ss' utility.
I'm using 'ss -tpu' in a "netusers" conky, but 'man ss' will reveal many more options.

schwim · 2019-01-19 21:35:12

Hi there John,

I found iftop which was an output I could understand a little better. It looks like something in my browser is constantly sending and receiving data between this location each time I start the browser:

173.199.120.251.choopa.com

The data transfer stops when I close Firefox. It starts back up with increasing throughput until it peaks at about 150kbps Down and 50kbps up. When it's transferring, it is a very stable speed. No dips or spikes, just a stead stream in both directions.

I've disabled all addons and closed all pages but this behavior continues. Is there a way I could capture the traffic to see what's getting passed? I'm very curious to know what's causing this to happen.

Last edited by schwim (2019-01-19 21:37:04)

schwim · 2019-01-19 21:42:31

It's my VPN, it seems. PureVPN was using the traffic even when turned off and the extension was disabled. Removing it from the browser resolved the issue.

I'd still be curious if there's a way to find out what was being passed back and forth if you have any idea of a way to trap that.

Bearded_Blunder · 2019-01-19 21:58:58

Wireshark? Interpreting packet captures can be laborious, but it's right there in the repos.

THX1138 · 2019-01-25 22:31:24

wireshark is a favourite of mine - I love that program its a seriously involved bit of kit.
It will analyse your network to the nth degree if you can read it right.
I just use it when I get paranoid. It makes me realise the government has no interest in my network traffic, and I am ashamed to say, neither has the mafia or even anyone except google and amazon and my isp, which is disappointing in a way as I was told by antivirus people that everyone was rabidly interested in hacking me

Bearded_Blunder · 2019-01-25 23:13:14

You learn that Micro$oft & goog£e sure do though....

schwim · 2019-01-26 01:06:39

I wasn't able to get Wireshark working on my VM. All the other apps like SS worked without issue but ws just didn't want to play ball so I didn't get a chance to work with it.

Bearded_Blunder · 2019-01-26 11:30:37

What VM? Honestly I haven't played much with it, but when I did need it for checking something out I had no issues, that was under VMware ESXi though, not the typical virtual-box or vmware-player on deskto/laptop setup, I'd imagine the latter works since it's grandaddy does in ESXi & machines tend to be compatible between the two. Might depend which networking mode the VM was in.

schwim · 2019-01-26 17:10:11

It's just a standard vbox vm. I don't recall the error but will post it when I get home at the end off the weekend.

THX1138 · 2019-01-26 19:08:23

Schwim, have you set the network port to bridged adaptor and promiscuous mode? I have a vbox setup at the moment I will try and help you with that but my earliest thought is promiscuous mode may not be set. Wireshark requires that if memory serves me correctly
I believe that should work but you may need to bridge it with your real LAN card
that is in your computer. try setting vbox to bridged adaptor - promiscuous mode - and in wireshark capture all interfaces oh and run it with sudo even though it will complain about that

Last edited by THX1138 (2019-01-26 19:45:54)

THX1138 · 2019-01-26 21:35:10

Actually thinking about it - install tcpdump
run tcpdump at a command prompt as root
and then use your browser that will give you a lot of information

schwim · 2019-01-28 21:36:53

That was it, THX. Once I enabled promiscuous mode, it worked, albeit with the root warnings you mentioned. Now I just need to figure out what in the hell it's telling me smile

I'll give tcpdump a shot as well, thanks for the suggestion!

#1 2019-01-16 19:38:24

Need to find out which process is using network

#2 2019-01-17 02:35:18

Re: Need to find out which process is using network

#3 2019-01-19 21:35:12

Re: Need to find out which process is using network

#4 2019-01-19 21:42:31

Re: Need to find out which process is using network

#5 2019-01-19 21:58:58

Re: Need to find out which process is using network

#6 2019-01-25 22:31:24

Re: Need to find out which process is using network

#7 2019-01-25 23:13:14

Re: Need to find out which process is using network

#8 2019-01-26 01:06:39

Re: Need to find out which process is using network

#9 2019-01-26 11:30:37

Re: Need to find out which process is using network

#10 2019-01-26 17:10:11

Re: Need to find out which process is using network

#11 2019-01-26 19:08:23

Re: Need to find out which process is using network

#12 2019-01-26 21:35:10

Re: Need to find out which process is using network

#13 2019-01-28 21:36:53

Re: Need to find out which process is using network

Board footer