You are not logged in.

#1 2019-01-16 19:38:24

schwim
Member
From: Western NC, US
Registered: 2015-09-29
Posts: 229
Website

Need to find out which process is using network

Hi there everyone!

I'm noticing that all of a sudden, something is using a bit of network resources and I'd like to find out what is doing it when the OS should be idle.  It's not a lot when it happens(15-150 kbps DL & around 20-30 UL) but it's not the amount that I"m concerned with, it's that something is sending and receiving data when in the past, it didn't .  I've tried shutting down all of my applications and making sure they were shut down via htop but the transfer continues.

I tried using nethogs but even via sudo, I'm told that it failed creating socket while establishing local IP(perhaps because I'm using BL in a VM?).

Any suggestions would be greatly appreciated.

Thanks for your time!


Schw.im! A social site with an identity crisis.

Offline

#2 2019-01-17 02:35:18

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,014
Website

Re: Need to find out which process is using network

You might try the 'ss' utility.
I'm using 'ss -tpu' in a "netusers" conky, but 'man ss' will reveal many more options.


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#3 2019-01-19 21:35:12

schwim
Member
From: Western NC, US
Registered: 2015-09-29
Posts: 229
Website

Re: Need to find out which process is using network

Hi there John,

I found iftop which was an output I could understand a little better.  It looks like something in my browser is constantly sending and receiving data between this location each time I start the browser:

173.199.120.251.choopa.com

The data transfer stops when I close Firefox.  It starts back up with increasing throughput until it peaks at about  150kbps Down and 50kbps up.  When it's transferring, it is a very stable speed.  No dips or spikes, just a stead stream in both directions.

I've disabled all addons and closed all pages but this behavior continues.  Is there a way I could capture the traffic to see what's getting passed?  I'm very curious to know what's causing this to happen.

Last edited by schwim (2019-01-19 21:37:04)


Schw.im! A social site with an identity crisis.

Offline

#4 2019-01-19 21:42:31

schwim
Member
From: Western NC, US
Registered: 2015-09-29
Posts: 229
Website

Re: Need to find out which process is using network

It's my VPN, it seems.  PureVPN was using the traffic even when turned off and the extension was disabled.  Removing it from the browser resolved the issue.

I'd still be curious if there's a way to find out what was being passed back and forth if you have any idea of a way to trap that.


Schw.im! A social site with an identity crisis.

Offline

#5 2019-01-19 21:58:58

Bearded_Blunder
Dodging A Bullet
From: Seat: seat0; vc7
Registered: 2015-09-29
Posts: 730

Re: Need to find out which process is using network

Wireshark? Interpreting packet captures can be laborious, but it's right there in the repos.


Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me

Offline

#6 2019-01-25 22:31:24

THX1138
Member
Registered: 2019-01-14
Posts: 197

Re: Need to find out which process is using network

wireshark is a favourite of mine - I love that program its a seriously involved bit of kit.
It will analyse your network to the nth degree if you can read it right.
I just use it when I get paranoid. It makes me realise the government has no interest in my network traffic, and I am ashamed to say, neither has the mafia or even anyone except google and amazon and my isp, which is disappointing in a way as I was told by antivirus people that everyone was rabidly interested in hacking me


The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there

Offline

#7 2019-01-25 23:13:14

Bearded_Blunder
Dodging A Bullet
From: Seat: seat0; vc7
Registered: 2015-09-29
Posts: 730

Re: Need to find out which process is using network

You learn that Micro$oft & goog£e sure do though....


Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me

Offline

#8 2019-01-26 01:06:39

schwim
Member
From: Western NC, US
Registered: 2015-09-29
Posts: 229
Website

Re: Need to find out which process is using network

I wasn't able to get Wireshark working on my VM. All the other apps like SS worked without issue but ws just didn't want to play ball so I didn't get a chance to work with it.


Schw.im! A social site with an identity crisis.

Offline

#9 2019-01-26 11:30:37

Bearded_Blunder
Dodging A Bullet
From: Seat: seat0; vc7
Registered: 2015-09-29
Posts: 730

Re: Need to find out which process is using network

What VM?  Honestly I haven't played much with it, but when I did need it for checking something out I had no issues, that was under VMware ESXi though, not the typical virtual-box or vmware-player on deskto/laptop setup, I'd imagine the latter works since it's grandaddy does in ESXi & machines tend to be compatible between the two. Might depend which networking mode the VM was in.


Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me

Offline

#10 2019-01-26 17:10:11

schwim
Member
From: Western NC, US
Registered: 2015-09-29
Posts: 229
Website

Re: Need to find out which process is using network

It's just a standard vbox vm. I don't recall the error but will post it when I get home at the end off the weekend.


Schw.im! A social site with an identity crisis.

Offline

#11 2019-01-26 19:08:23

THX1138
Member
Registered: 2019-01-14
Posts: 197

Re: Need to find out which process is using network

Schwim, have you set the network port to bridged adaptor and promiscuous mode? I have a vbox setup at the moment I will try and help you with that but my earliest thought is promiscuous mode may not be set. Wireshark requires that if memory serves me correctly
I believe that should work but you may need to bridge it with your real LAN card
that is in your computer. try setting vbox to bridged adaptor - promiscuous mode - and in wireshark capture all interfaces oh and run it with sudo even though it will complain about that

Last edited by THX1138 (2019-01-26 19:45:54)


The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there

Offline

#12 2019-01-26 21:35:10

THX1138
Member
Registered: 2019-01-14
Posts: 197

Re: Need to find out which process is using network

Actually thinking about it - install tcpdump
run tcpdump at a command prompt as root
and then use your browser that will give you a lot of information


The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there

Offline

#13 2019-01-28 21:36:53

schwim
Member
From: Western NC, US
Registered: 2015-09-29
Posts: 229
Website

Re: Need to find out which process is using network

That was it, THX.  Once I enabled promiscuous mode, it worked, albeit with the root warnings you mentioned.  Now I just need to figure out what in the hell it's telling me smile

I'll give tcpdump a shot as well, thanks for the suggestion!


Schw.im! A social site with an identity crisis.

Offline

Board footer

Powered by FluxBB