Query about monitoring unknown Internet traffic

Joel Rees joel.rees at gmail.com
Sat Oct 17 23:39:59 UTC 2015

On Sun, Oct 18, 2015 at 6:21 AM, Bret Busby <bret.busby at gmail.com> wrote:
> Hello.
> Last night, this computer, running UbuntuMate 1504, started sending
> and receiving unknown data to and from the Internet.

Is this something you know started last night or is it possible that
it has been happening for a while and you just became aware of it last

> I do not know whether the system has some unknown spyware, or has been breached.

Unknown spyware isn't a breach?

Hmm. Well, it used to be easier to say all spyware was bad. :-/

> Is a utility available for Ubuntu, that will show what application(s)
> is/are involved on the system, in the unsolicited data transmission.

Yes, there are some tools, and Ralf and Nathaniel have mentioned a few
of them. Checking the man pages will lead you to more.

There is a problem, of course, in trying to test a system with tools
on the system you are trying to test.

That said, you can and should start by looking for stuff that
legitimately accesses the net automatically

> At present, all that I can do, to regulate the data transmission, is
> to pull the (Internet connection) plug on the system.

You know, I'm trying to convince myself I need a firewall/filter that
I can control between my home LAN and the 'Net. So far, I've just been
using the basic firewall in the modem, but it sure doesn't record all
the stuff I need to record.

> In the course of my writing this message, the system has apparently
> been downloading at about 200kb/s and uploading at about 20kb/s, and I
> have no idea as to what it is doing, and, it is scary.

So, what did you install last night? What sites did you visit? etc.
Or, if not last night, think over the past several weeks.

Joel Rees

Be careful when you look at conspiracy.
Arm yourself with knowledge of yourself, as well:

More information about the ubuntu-users mailing list