Search for utility to identify source of WWW traffic

[Bob]

** Reply to message from Bret Busby <bret.busby at gmail.com> on Sun, 1 Apr 2018
00:51:12 +0800

> On 31/03/2018, Wade Smart <wadesmart at gmail.com> wrote:
> > --
> > Registered Linux User: #480675
> > Registered Linux Machine: #408606
> > Linux since June 2005
> >
> >
> > On Sat, Mar 31, 2018 at 10:08 AM, Bret Busby <bret.busby at gmail.com> wrote:
> >> Hello.
> >>
> >> I currently have two web browsers open (not firefox), and their
> >> download managers show no downloads occurring.
> >>
> >> But, something has beeen downloading data at around 200-300kBps, for
> >> over an hour.
> >>
> >> Is a utility available, that can identify what application(s) is/are
> >> downloading data, and, what URL's are being accessed for the downloads
> >> being performed?
> >>
> >> Thank you in anticipation.
> >>
> >> --
> >> Bret Busby
> >> Armadale
> >> West Australia
> >
> > https://askubuntu.com/questions/257263/how-to-display-network-traffic-in-the-terminal
> >
> > tcptrack maybe?
> >
> 
> The tcptrack identifies the IP address being accessed, but in trying
> to do a reverse DNS (?) lookup, I can not fid the domain name. the
> information that is returned, shows the location as being, from one
> source, Melbourne, Australia, from another source, San Francisco, USA,
> but the results name the hosting dervice and not the domain name.

I doubt that the IP address has a domain name.  I think it is a highjacked
computer that is being used to find other computers that do not have even the
very basic security.  A lot of ISPs do not assign domain names to their home IP
addresses.


> The other command mentioned, netstat, I think, identified the web browser here.
> 
> So, I have been able to identify the web browser here, that is
> involved, and, I have been able to identify the IP address involved,
> but I can not identify the domain name involved.

-- 
Robert Blair


You cannot multiply wealth by dividing it. -- Adrian Rogers