Greg Helledy on 23 May 2006 03:54:44 -0000



Re: [PLUG] What's the best utility to find source of outbound net traffic?


> 
> lsof -Pai (as root)

root@dopey:~# lsof -Pai
COMMAND   PID   USER   FD   TYPE DEVICE SIZE NODE NAME
hpiod    6712  hplip    0u  IPv4   8651       TCP localhost.localdomain:32770 (LISTEN)
hpiod    6712  hplip    2u  IPv4   8654       TCP localhost.localdomain:32770->localhost.localdomain:44593 (ESTABLISHED)
python   6715  hplip    4u  IPv4   8667       TCP localhost.localdomain:32771 (LISTEN)
python   6715  hplip    5u  IPv4   8672       TCP localhost.localdomain:44593->localhost.localdomain:32770 (ESTABLISHED)
cupsd   13084 cupsys    0u  IPv4 128760       TCP localhost.localdomain:631 (LISTEN)

Nothing looks too odd there.

So I ran some sensors in KSysGuard and got this for udp:
May 22 23:38:48 localhost network/sockets/udp/count: 0
May 22 23:38:50 localhost network/sockets/udp/count: 0
May 22 23:38:52 localhost network/sockets/udp/count: 0
May 22 23:38:54 localhost network/sockets/udp/count: 0
May 22 23:38:56 localhost network/sockets/udp/count: 0
May 22 23:38:58 localhost network/sockets/udp/count: 0
May 22 23:39:00 localhost network/sockets/udp/count: 0
May 22 23:39:02 localhost network/sockets/udp/count: 0
May 22 23:39:04 localhost network/sockets/udp/count: 0
May 22 23:39:06 localhost network/sockets/udp/count: 0
May 22 23:39:08 localhost network/sockets/udp/count: 0
May 22 23:39:10 localhost network/sockets/udp/count: 0
May 22 23:39:12 localhost network/sockets/udp/count: 0
May 22 23:39:14 localhost network/sockets/udp/count: 0
May 22 23:39:16 localhost network/sockets/udp/count: 0
May 22 23:39:18 localhost network/sockets/udp/count: 0
May 22 23:39:20 localhost network/sockets/udp/count: 0
May 22 23:39:22 localhost network/sockets/udp/count: 0
May 22 23:39:24 localhost network/sockets/udp/count: 0
May 22 23:39:26 localhost network/sockets/udp/count: 1
May 22 23:39:28 localhost network/sockets/udp/count: 0
May 22 23:39:30 localhost network/sockets/udp/count: 0
May 22 23:39:32 localhost network/sockets/udp/count: 0
May 22 23:39:34 localhost network/sockets/udp/count: 0
May 22 23:39:36 localhost network/sockets/udp/count: 0

One udp packet every few minutes.  No further info.

Also, the disk chatters every few seconds.  A sensor applied to the disk
produces this:
May 22 23:43:30 localhost disk/8:0/total: 0
May 22 23:43:32 localhost disk/8:0/total: 0
May 22 23:43:34 localhost disk/8:0/total: 11
May 22 23:43:36 localhost disk/8:0/total: 0
May 22 23:43:38 localhost disk/8:0/total: 5
May 22 23:43:40 localhost disk/8:0/total: 0
May 22 23:43:42 localhost disk/8:0/total: 0
May 22 23:43:44 localhost disk/8:0/total: 3
May 22 23:43:46 localhost disk/8:0/total: 0
May 22 23:43:48 localhost disk/8:0/total: 4
May 22 23:43:50 localhost disk/8:0/total: 0
May 22 23:43:52 localhost disk/8:0/total: 0
May 22 23:43:54 localhost disk/8:0/total: 4
May 22 23:43:56 localhost disk/8:0/total: 0
May 22 23:43:58 localhost disk/8:0/total: 3
May 22 23:44:00 localhost disk/8:0/total: 0
May 22 23:44:02 localhost disk/8:0/total: 0
May 22 23:44:04 localhost disk/8:0/total: 3
May 22 23:44:06 localhost disk/8:0/total: 0
May 22 23:44:08 localhost disk/8:0/total: 5
May 22 23:44:10 localhost disk/8:0/total: 0
May 22 23:44:12 localhost disk/8:0/total: 0
May 22 23:44:14 localhost disk/8:0/total: 21
May 22 23:44:16 localhost disk/8:0/total: 0
May 22 23:44:18 localhost disk/8:0/total: 25


Apparently KSysGuard cannot provide any info on what processes are causing
the udp packets and disk activity on a system which should be idle.  Are
there any more powerful tools for Linux which can track specific disk I/O
calls?



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
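
Added example, not part of the original post: a single lsof snapshot or a 2-second socket counter can miss a UDP socket that exists only briefly, so this sketch polls /proc/net/udp every 50 ms and joins each socket inode to the owning PID through the /proc/<pid>/fd links. It assumes Linux, IPv4 only, a little-endian host, and root privileges; the function names, the 50 ms interval and the 30-second window are choices made for this example.

```python
import os, re, socket, time

SOCK_LINK = re.compile(r"socket:\[(\d+)\]")

def decode_addr(hexaddr):
    """'0100007F:0035' -> '127.0.0.1:53' (IPv4, little-endian host assumed)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return f"{ip}:{int(port_hex, 16)}"

def parse_udp_table(text):
    """Parse /proc/net/udp content into dicts, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "uid": int(f[7]), "inode": int(f[9])})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, command) by reading every /proc/<pid>/fd link."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
            fd_dir = os.path.join(proc_root, pid, "fd")
            for fd in os.listdir(fd_dir):
                m = SOCK_LINK.fullmatch(os.readlink(os.path.join(fd_dir, fd)))
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:  # process exited mid-scan, or fds unreadable without root
            continue
    return owners

def attribute(udp_text, owners):
    """Join the UDP table with the inode map; unknown owner -> (None, '?')."""
    return [(r["local"], r["remote"], r["uid"], *owners.get(r["inode"], (None, "?")))
            for r in parse_udp_table(udp_text)]

if __name__ == "__main__":
    seen = set()
    deadline = time.monotonic() + 30          # watch for 30 seconds
    while time.monotonic() < deadline:        # poll far faster than a 2 s sensor
        with open("/proc/net/udp") as fh:
            for row in attribute(fh.read(), socket_owners()):
                if row not in seen:
                    seen.add(row)
                    print(time.strftime("%H:%M:%S"), *row)
        time.sleep(0.05)
```

A socket that opens and closes between two polls is still missed, and the owner shows as `?` when the process exits before its fd links are read; the uid column narrows the search in that case.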