I run an installation of Ubuntu as a server. I have noticed that it is constantly transmitting data over the Internet, which is a little unexpected.

Is there a tool I can use to determine the origin of the data (i.e. which program is sending the information)?

I have full root and physical access to the machine.

Thanks

+1  A: 

I believe there is a netstat program available for Linux too. You then can use tcpdump on the port in question.

Stefan Ernst
+2  A: 

You'll need a combination of tools. iptraf to see which port does the traffic (if it's local and not simply forwarded). "netstat -p" will show you which program is attached to a socket. iptraf is its own package; netstat comes from net-tools, which should be in the default install.

Pasi Savolainen
iftop is an alternative to iptraf: it's single-purpose (showing connections by source, destination, and bandwidth) and has IMO a much simpler UI. Does BPF filters, too.
hobbs
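
An added example, not part of the original answers: one way to turn the `netstat -p` output mentioned above into a per-program summary of remote hosts. The function name `summarise_netstat`, the `-tun` flags (TCP, UDP, numeric addresses) and the sample rows are assumptions made for this example; the sample is constructed.

```shell
#!/bin/sh
# Added example: read `netstat -tunp` output on stdin and print
# "<connections><TAB><pid/program><TAB><remote host>", busiest first.
summarise_netstat() {
    awk '
        # Keep socket rows only; this skips the two header lines.
        $1 !~ /^(tcp|udp)6?$/ { next }
        {
            # PID/Program is column 7 when the State column is filled in
            # and column 6 when it is blank (common for UDP sockets).
            owner = "-"
            for (i = 6; i <= NF; i++)
                if ($i ~ "^[0-9]+/") {
                    owner = $i
                    # Program names may contain spaces ("sshd: admin").
                    for (j = i + 1; j <= NF; j++) owner = owner " " $j
                    break
                }
            # Drop the port: it follows the last colon, IPv6 included.
            remote = $5
            sub(/:[^:]*$/, "", remote)
            # Loopback traffic never leaves the machine.
            if (remote ~ /^127\./ || remote == "::1") next
            count[owner "\t" remote]++
        }
        END { for (k in count) print count[k] "\t" k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the layout net-tools netstat prints (documentation
# address ranges, made-up PIDs). "-" is what netstat prints when it can
# show no process for a socket (not run as root, or a TIME_WAIT socket).
sample_netstat='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 1042/sshd: admin
tcp        0     36 192.0.2.10:44321        203.0.113.5:443         ESTABLISHED 2210/python3
tcp        0      0 192.0.2.10:44322        203.0.113.5:443         ESTABLISHED 2210/python3
tcp        0      0 127.0.0.1:5432          127.0.0.1:40112         ESTABLISHED 900/postgres
tcp6       0      0 2001:db8::10:50000      2001:db8::99:443        TIME_WAIT   -
udp        0      0 192.0.2.10:68           192.0.2.1:67            ESTABLISHED 812/systemd-network'

# On a live host, as root so that every owner resolves:
#   netstat -tunp | summarise_netstat
```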