After fresh system install I have observed strange activity on network monitor - some app is generating small network traffic (sending and receiving data)... how to track which process is causing this network traffic?
2 Answers
NetHogs can do the job:
You may want to decrease the refresh rate with the -d option.
Available options as of version 0.8.5-2:
usage: nethogs [-V] [-h] [-b] [-d seconds] [-v mode] [-c count] [-t] [-p] [-s] [device [device [device ...]]]
-V : prints version.
-h : prints this help.
-b : bughunt mode - implies tracemode.
-d : delay for update refresh rate in seconds. default is 1.
-v : view mode (0 = KB/s, 1 = total KB, 2 = total B, 3 = total MB). default is 0.
-c : number of updates. default is 0 (unlimited).
-t : tracemode.
-p : sniff in promiscious mode (not recommended).
-s : sort output by sent column.
-a : monitor all devices, even loopback/stopped ones.
device : device(s) to monitor. default is all interfaces up and running excluding loopback
When you observe this traffic, note which port and protocol is used. Then check with
netstat -tulpen
First column is the protocol, the number after the : in the Local Address column is the port. The last column shows the PID/Program name
-
How would you know which port and protocol are used?L. Levrel– L. Levrel2021-09-16 10:34:32 +00:00Commented Sep 16, 2021 at 10:34