How to find source and target of data transmissions

Karl Auer kauer at biplane.com.au
Sat Mar 2 11:18:44 UTC 2019


On Sat, 2019-03-02 at 18:33 +0800, Bret Busby wrote:
> For the past few minutes, the System Monitor shows data being
> downloaded, that I have not authorised, and about 300-500 kB/s.
> 
> How do I find where the data is originating, and, what is downloading
> it?

If it's arriving at your computer, you know the target.

To find the source, install and run wireshark on your system. When it
starts, select the primary interface on your system and click the blue
fin at top left to start capturing packets. After it's been capturing
data for a few minutes, click the red square to stop capturing. Then
use the "Statistics" feature to list top talkers. Go to Statistics ->
Endpoints and click on the IPv4 tab. You can then click on the column
headings to order the list in various ways. For example, click on "RX
Bytes" to order by data volume received.

If you are using IPv6, also check the IPv6 tab...

Remember the values in the columns related to the addresses in the
leftmost column. Your own address will probably be the one that sends
and receives most, so you are really looking for the next chattiest :-)

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
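
The per-address tally that the Statistics -> Endpoints view in the reply above produces, as an added example that is not part of the original post. It assumes the capture was saved in classic pcap format (not pcapng) with Ethernet framing; the function names and the sample capture, which uses documentation addresses, are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def ipv4_endpoints(pcap):
    """Per-address (address, tx_bytes, rx_bytes), chattiest first."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    tx, rx = defaultdict(int), defaultdict(int)
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # Need Ethernet (14) + IPv4 header (20); EtherType 0x0800 means IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        tx[IPv4Address(frame[26:30])] += orig_len  # sender
        rx[IPv4Address(frame[30:34])] += orig_len  # receiver
    hosts = set(tx) | set(rx)
    rows = [(str(h), tx[h], rx[h]) for h in hosts]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)

def _frame(src, dst, size):
    """Constructed Ethernet+IPv4 frame of `size` bytes (zeroed MACs and payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\0")

def sample_capture():
    """Constructed capture: local host 192.0.2.10 and two remote peers."""
    packets = ([("198.51.100.7", "192.0.2.10", 1514)] * 40    # bulk download
               + [("192.0.2.10", "198.51.100.7", 66)] * 20    # ACKs going back
               + [("203.0.113.5", "192.0.2.10", 200)] * 3
               + [("192.0.2.10", "203.0.113.5", 90)] * 3)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, size in packets:
        f = _frame(src, dst, size)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for addr, sent, received in ipv4_endpoints(sample_capture()):
        print(f"{addr:15} tx={sent:>6} rx={received:>6}")
```

In the constructed capture the local host comes first and the second row is the peer sending the bulk of the data; on the remote side of a download the volume shows up in that peer's tx column.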





