Link to home
Start Free TrialLog in
Avatar of narmi2
narmi2

asked on

Network activity concerns

Dear Experts,

My desktop seems to be constantly uploading and downloading data, which I am not aware off.  Please have a look at the attached image.  How do I find out what is going on and how do I stop it without disabling internet access altogether?
Screenshot-System-Monitor.png
SOLUTION
Avatar of gjdonkeh
gjdonkeh
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Duncan Roe
Duncan Roe
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jar3817
jar3817
Try typing "netstat -an" to see if there are any established conections. If this machine is directly connected to a cable internet connection that traffic might just be arps since cable is shared and typically uses huge subnets.
Avatar of Hugh Fraser
Hugh Fraser
Flag of Canada image
The first step is to see who your machine's talking to. I like etherape for visualizing conversations, and once you know who the big talker is, use Wireshark to sniff the traffic.
Avatar of narmi2
narmi2

ASKER

Lots of suggestions here, so I am starting from the top.  Using tcpdump, I have captured 100 packets from eth0 and have attached the output.

What does all that mean?  If i did not limit it to 100, it would have gone on forever, without me browsing the web...
tcpdump-eth0.log
SOLUTION
Avatar of Duncan Roe
Duncan Roe
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of narmi2
narmi2

ASKER

OK, so what's the next step?  Try out one of the other programs suggested?
SOLUTION
Avatar of Duncan Roe
Duncan Roe
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of narmi2
narmi2

ASKER

What concerns me is the amount of network activity which I am getting without me using the browser.
Avatar of narmi2
narmi2

ASKER

after a fresh reboot, if i type lsof -i, i get nothing.  Without using the computer for webbrowsing, if I type in lsof -i 1 minute later I get 2 entries:

ubuntuone 1563 narmi2   20u  IPv4  11938      0t0  TCP ubuntu.local:59034->firewall.narmi2.com:http-alt (ESTABLISHED)
ubuntuone 1563 narmi2   21u  IPv4  10809      0t0  TCP ubuntu.local:50600->ec2-174-129-241-144.compute-1.amazonaws.com:https (ESTABLISHED)

top gives me ubuntuone top place

1563 narmi2     20   0 41072  19m 5100 S  4.3  4.0   0:09.29 ubuntuone-syncd                                                                                                                                  

lsof -p 1563 give me

narmi2@ubuntu:~$ lsof -p 1563
COMMAND    PID  USER   FD   TYPE     DEVICE SIZE/OFF   NODE NAME
ubuntuone 1563 narmi2  cwd    DIR      252,1     4096      2 /
ubuntuone 1563 narmi2  rtd    DIR      252,1     4096      2 /
ubuntuone 1563 narmi2  txt    REG      252,1  2288240 391184 /usr/bin/python2.6
ubuntuone 1563 narmi2  mem    REG      252,1   251916 394369 /usr/lib/libgobject-2.0.so.0.2400.1
ubuntuone 1563 narmi2  mem    REG      252,1   821768 132053 /lib/libglib-2.0.so.0.2400.1
ubuntuone 1563 narmi2  mem    REG      252,1    71988 399428 /usr/lib/python2.6/lib-dynload/datetime.so
ubuntuone 1563 narmi2  mem    REG      252,1    13760 433238 /usr/lib/libpyglib-2.0-python2.6.so.0.0.0
ubuntuone 1563 narmi2  mem    REG      252,1   122232 433241 /usr/lib/pyshared/python2.6/gtk-2.0/gobject/_gobject.so
ubuntuone 1563 narmi2  mem    REG      252,1     5460 456413 /usr/lib/python2.6/dist-packages/twisted/python/_initgroups.so
ubuntuone 1563 narmi2  mem    REG      252,1   108196 399467 /usr/lib/python2.6/lib-dynload/_ctypes.so
ubuntuone 1563 narmi2  mem    REG      252,1    14484   7238 /usr/lib/python2.6/dist-packages/Crypto/PublicKey/_fastmath.so
ubuntuone 1563 narmi2  mem    REG      252,1    50176   2699 /usr/lib/pyshared/python2.6/OpenSSL/SSL.so
ubuntuone 1563 narmi2  mem    REG      252,1    31848 526624 /usr/lib/pyshared/python2.6/simplejson/_speedups.so
ubuntuone 1563 narmi2  mem    REG      252,1    22036 131266 /lib/tls/i686/cmov/libnss_dns-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1    26088 433233 /usr/lib/libffi.so.5.0.10
ubuntuone 1563 narmi2  mem    REG      252,1   227000 131161 /lib/libdbus-1.so.3.4.0
ubuntuone 1563 narmi2  mem    REG      252,1   127088 440270 /usr/lib/pyshared/python2.6/_dbus_bindings.so
ubuntuone 1563 narmi2  mem    REG      252,1    79512 130850 /lib/libz.so.1.2.3.3
ubuntuone 1563 narmi2  mem    REG      252,1   197540 399454 /usr/lib/python2.6/lib-dynload/pyexpat.so
ubuntuone 1563 narmi2  mem    REG      252,1   112948 428934 /usr/lib/libgnome-keyring.so.0.1.1
ubuntuone 1563 narmi2  mem    REG      252,1   470976 132141 /lib/libgcrypt.so.11.5.2
ubuntuone 1563 narmi2  mem    REG      252,1    71432 131273 /lib/tls/i686/cmov/libresolv-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1    30684 131295 /lib/tls/i686/cmov/librt-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1  1405508 131258 /lib/tls/i686/cmov/libc-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1    10180 440269 /usr/lib/pyshared/python2.6/_dbus_glib_bindings.so
ubuntuone 1563 narmi2  mem    REG      252,1   390700 420742 /usr/lib/libgmp.so.3.5.2
ubuntuone 1563 narmi2  mem    REG      252,1   286296 131686 /lib/i686/cmov/libssl.so.0.9.8
ubuntuone 1563 narmi2  mem    REG      252,1    59576 433243 /usr/lib/pyshared/python2.6/gtk-2.0/glib/_glib.so
ubuntuone 1563 narmi2  mem    REG      252,1     9736 131261 /lib/tls/i686/cmov/libdl-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1   113964 155804 /lib/ld-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1    20104 526698 /usr/lib/python2.6/dist-packages/zope/interface/_zope_interface_coptimizations.so
ubuntuone 1563 narmi2  mem    REG      252,1    36156 457061 /usr/lib/pyshared/python2.6/gtk-2.0/gnomekeyring.so
ubuntuone 1563 narmi2  mem    REG      252,1     9748 144013 /lib/tls/i686/cmov/libutil-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1     9620 142004 /lib/libnss_mdns4_minimal.so.2
ubuntuone 1563 narmi2  mem    REG      252,1   117176 428164 /usr/lib/libdbus-glib-1.so.2.1.0
ubuntuone 1563 narmi2  mem    REG      252,1    11300   2700 /usr/lib/pyshared/python2.6/OpenSSL/rand.so
ubuntuone 1563 narmi2  mem    REG      252,1    62096   2701 /usr/lib/pyshared/python2.6/OpenSSL/crypto.so
ubuntuone 1563 narmi2  mem    REG      252,1   149392 131262 /lib/tls/i686/cmov/libm-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1   117086 131272 /lib/tls/i686/cmov/libpthread-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1  1364764 131644 /lib/i686/cmov/libcrypto.so.0.9.8
ubuntuone 1563 narmi2  mem    REG      252,1    14000 130811 /lib/libuuid.so.1.3.0
ubuntuone 1563 narmi2  mem    REG      252,1    42572 131267 /lib/tls/i686/cmov/libnss_files-2.11.1.so
ubuntuone 1563 narmi2  mem    REG      252,1   193860 130533 /lib/libpcre.so.3.12.1
ubuntuone 1563 narmi2  mem    REG      252,1    17856 399447 /usr/lib/python2.6/lib-dynload/termios.so
ubuntuone 1563 narmi2  mem    REG      252,1    17940 394371 /usr/lib/libgthread-2.0.so.0.2400.1
ubuntuone 1563 narmi2  mem    REG      252,1    16752 399430 /usr/lib/python2.6/lib-dynload/_heapq.so
ubuntuone 1563 narmi2  mem    REG      252,1    13604 132151 /lib/libgpg-error.so.0.4.0
ubuntuone 1563 narmi2  mem    REG      252,1    26048 467272 /usr/lib/gconv/gconv-modules.cache
ubuntuone 1563 narmi2  mem    REG      252,1   256324 400552 /usr/lib/locale/en_GB.utf8/LC_CTYPE
ubuntuone 1563 narmi2    0u   CHR        1,3      0t0    788 /dev/null
ubuntuone 1563 narmi2    1u   CHR        1,3      0t0    788 /dev/null
ubuntuone 1563 narmi2    2u   CHR        1,3      0t0    788 /dev/null
ubuntuone 1563 narmi2    3r  FIFO        0,8      0t0  10544 pipe
ubuntuone 1563 narmi2    4u   CHR        1,3      0t0    788 /dev/null
ubuntuone 1563 narmi2    5w  FIFO        0,8      0t0  10544 pipe
ubuntuone 1563 narmi2    6r  FIFO        0,8      0t0  10545 pipe
ubuntuone 1563 narmi2    7w  FIFO        0,8      0t0  10545 pipe
ubuntuone 1563 narmi2    8r  FIFO        0,8      0t0   5717 pipe
ubuntuone 1563 narmi2    9w  FIFO        0,8      0t0   5717 pipe
ubuntuone 1563 narmi2   10r  FIFO        0,8      0t0  10546 pipe
ubuntuone 1563 narmi2   11w  FIFO        0,8      0t0  10546 pipe
ubuntuone 1563 narmi2   12r  unix 0xdf22b600      0t0  10739 socket
ubuntuone 1563 narmi2   13r   REG      252,1   450267 260333 /home/narmi2/.cache/ubuntuone/log/syncdaemon.log
ubuntuone 1563 narmi2   14r   REG      252,1   446970 260357 /home/narmi2/.cache/ubuntuone/log/syncdaemon-exceptions.log
ubuntuone 1563 narmi2   15r   DIR       0,11        0      1 inotify
ubuntuone 1563 narmi2   16r   DIR       0,11        0      1 inotify
ubuntuone 1563 narmi2   17u  unix 0xdf22ba00      0t0  10780 socket
ubuntuone 1563 narmi2   18u  unix 0xdf22b400      0t0  10791 socket
ubuntuone 1563 narmi2   19r   CHR        1,9      0t0    793 /dev/urandom
ubuntuone 1563 narmi2   20u  IPv4      15140      0t0    TCP ubuntu.local:42831->firewall.narmi2.com:http-alt (ESTABLISHED)
ubuntuone 1563 narmi2   21u  IPv4      10809      0t0    TCP ubuntu.local:50600->ec2-174-129-241-144.compute-1.amazonaws.com:https (ESTABLISHED)
narmi2@ubuntu:~$

In the last few minutes after the reboot without using the internet browser, my computer has send 1Mb and received 5Mb and increasing at a rate of roughly 10Kb a second for receiving and 2Kb a second for sending...
ASKER CERTIFIED SOLUTION
Avatar of TobiasHolm
TobiasHolm
Flag of Sweden image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of narmi2
narmi2

ASKER

I have deleted ubuntuone because I do not use it, and the network activity has stopped!  Finally!!!

Any idea what ubuntuone was transmitting?  I do not log into ubuntu one, so why was it constantly transmitting around 10Kbs?
Avatar of TobiasHolm
TobiasHolm
Flag of Sweden image
I suppose that's the way UbuntuOne is designed. It might generate network traffic when checking if the Ubuntu One servers are up?

Regards, Tobias
Avatar of narmi2
narmi2

ASKER

That is really really bad if you're on pay as you go broadband...
SOLUTION
Avatar of TobiasHolm
TobiasHolm
Flag of Sweden image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial