Hi there everyone!
I'm noticing that all of a sudden, something is using a bit of network resources and I'd like to find out what is doing it when the OS should be idle. It's not a lot when it happens (15-150 kbps DL & around 20-30 UL) but it's not the amount that I'm concerned with, it's that something is sending and receiving data when in the past, it didn't. I've tried shutting down all of my applications and making sure they were shut down via htop but the transfer continues.
I tried using nethogs but even via sudo, I'm told that it failed creating socket while establishing local IP (perhaps because I'm using BL in a VM?).
Any suggestions would be greatly appreciated.
Thanks for your time!
Schw.im! A social site with an identity crisis.
You might try the 'ss' utility.
I'm using 'ss -tpu' in a "netusers" conky, but 'man ss' will reveal many more options.
John
--------------------
( a boring Japan blog, idle Twitterings and GitStuff )
In case you forget, the rules.
Hi there John,
I found iftop which was an output I could understand a little better. It looks like something in my browser is constantly sending and receiving data between this location each time I start the browser:
173.199.120.251.choopa.com
The data transfer stops when I close Firefox. It starts back up with increasing throughput until it peaks at about 150kbps Down and 50kbps up. When it's transferring, it is a very stable speed. No dips or spikes, just a steady stream in both directions.
I've disabled all addons and closed all pages but this behavior continues. Is there a way I could capture the traffic to see what's getting passed? I'm very curious to know what's causing this to happen.
Last edited by schwim (2019-01-19 21:37:04)
Schw.im! A social site with an identity crisis.
It's my VPN, it seems. PureVPN was using the traffic even when turned off and the extension was disabled. Removing it from the browser resolved the issue.
I'd still be curious if there's a way to find out what was being passed back and forth if you have any idea of a way to trap that.
Schw.im! A social site with an identity crisis.
Wireshark? Interpreting packet captures can be laborious, but it's right there in the repos.
Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me
Wireshark is a favourite of mine - I love that program, it's a seriously involved bit of kit.
It will analyse your network to the nth degree if you can read it right.
I just use it when I get paranoid. It makes me realise the government has no interest in my network traffic, and I am ashamed to say, neither has the mafia or even anyone except Google and Amazon and my ISP, which is disappointing in a way as I was told by antivirus people that everyone was rabidly interested in hacking me.
The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there
You learn that Micro$oft & goog£e sure do though....
Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me
I wasn't able to get Wireshark working on my VM. All the other apps like SS worked without issue but ws just didn't want to play ball so I didn't get a chance to work with it.
Schw.im! A social site with an identity crisis.
What VM? Honestly I haven't played much with it, but when I did need it for checking something out I had no issues. That was under VMware ESXi though, not the typical virtual-box or vmware-player on desktop/laptop setup. I'd imagine the latter works since its granddaddy does in ESXi & machines tend to be compatible between the two. Might depend which networking mode the VM was in.
Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me
Schwim, have you set the network port to bridged adaptor and promiscuous mode? I have a vbox setup at the moment, so I will try and help you with that, but my earliest thought is that promiscuous mode may not be set. Wireshark requires that, if memory serves me correctly.
I believe that should work, but you may need to bridge it with your real LAN card that is in your computer. Try setting vbox to bridged adaptor - promiscuous mode - and in Wireshark capture all interfaces. Oh, and run it with sudo even though it will complain about that.
Last edited by THX1138 (2019-01-26 19:45:54)
The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there
Actually, thinking about it - install tcpdump, run tcpdump at a command prompt as root, and then use your browser. That will give you a lot of information.
The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there
That was it, THX. Once I enabled promiscuous mode, it worked, albeit with the root warnings you mentioned. Now I just need to figure out what in the hell it's telling me.
I'll give tcpdump a shot as well, thanks for the suggestion!
Schw.im! A social site with an identity crisis.
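Added example, not part of any post in this thread: a small filter over `ss -tunp` output (the utility suggested early in the thread) that names the process and PID behind every socket talking to one remote address, here the 173.199.120.251 host seen in iftop. The function names are hypothetical, and the sample output, ports and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tunp` output (not captured from the poster's VM).
sample_ss_output() {
cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port   Process
tcp   ESTAB 0      0      10.0.2.15:48712    173.199.120.251:443 users:(("firefox-esr",pid=2314,fd=87))
tcp   ESTAB 0      0      10.0.2.15:51844    203.0.113.10:443    users:(("Web Content",pid=2390,fd=41))
udp   ESTAB 0      0      10.0.2.15:68       10.0.2.2:67
tcp   ESTAB 0      0      10.0.2.15:48720    173.199.120.251:443 users:(("Web Content",pid=2390,fd=52),("firefox-esr",pid=2314,fd=90))
EOF
}

# peer_owners PEER_IP: read ss output on stdin, print "name[pid] local -> peer"
# for every socket whose remote address is PEER_IP.
peer_owners() {
    awk -v want="$1" '
    NF < 5 { next }                                # blank or truncated line
    {
        line = $0; users = ""
        p = index(line, "users:(")                 # process column, may contain spaces
        if (p > 0) { users = substr(line, p); line = substr(line, 1, p - 1) }
        n = split(line, f)                         # remaining whitespace-separated columns
        if (n < 2) next
        peer = f[n]; loc = f[n - 1]
        addr = peer
        sub(/:[^:]*$/, "", addr)                   # strip the :port suffix
        gsub(/^\[|\]$/, "", addr)                  # strip IPv6 brackets
        if (addr != want) next
        if (users == "") {                         # ss had no rights to see the owner
            printf "?[?] %s -> %s\n", loc, peer; next
        }
        while (match(users, /\("[^"]*",pid=[0-9]+/)) {
            ent = substr(users, RSTART + 2, RLENGTH - 2)   # name",pid=N
            users = substr(users, RSTART + RLENGTH)
            q = index(ent, "\"")
            printf "%s[%s] %s -> %s\n", substr(ent, 1, q - 1), substr(ent, q + 6), loc, peer
        }
    }'
}

# Demo on the constructed sample; on a live system: sudo ss -tunp | peer_owners <ip>
sample_ss_output | peer_owners 173.199.120.251
```

To keep the packets themselves for Wireshark, `sudo tcpdump -i any -n -w capture.pcap host 173.199.120.251` writes only that host's traffic to a file (the file name is a placeholder).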