Determine source of network traffic on Ubuntu
05-07-2019
Question
I run an installation of Ubuntu as a server. I have noticed that it is constantly transmitting data over the Internet, which is a little unexpected.
Is there a tool I can use to determine the origin of the data (i.e. which program is sending the information)?
I have full root and physical access to the machine.
Thanks
Solution
You'll need a combination of tools. iptraf to see which port does the traffic (if it's local and not simply forwarded). "netstat -p" will show you which program is attached to a socket. iptraf is its own package; netstat comes from net-tools, which should be in the default install.
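The second step above (going from a port seen in iptraf to the program that owns the socket) as an added example, not part of the original answer. It parses the text that `netstat -tunp` prints; the `-tun` flags, the function name `owners_for_port` and the sample output are this example's assumptions, and the sample is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: map a port seen in iptraf to the owning process, using
# the text that `netstat -tunp` prints (run as root to see every PID).

# Constructed sample output; addresses are documentation ranges.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:22           203.0.113.5:51514       ESTABLISHED 1234/sshd: admin
tcp        0  51200 192.0.2.10:48712        198.51.100.7:443        ESTABLISHED 2210/python3
tcp        0      0 192.0.2.10:48714        198.51.100.9:443        ESTABLISHED 2210/python3
udp        0      0 192.0.2.10:68           192.0.2.1:67                        801/systemd-network
tcp6       0      0 2001:db8::10:443        2001:db8::99:40022      ESTABLISHED -'

# owners_for_port PORT   (reads netstat -tunp text on stdin)
# Prints each distinct "PID/Program" whose local or foreign port is PORT.
owners_for_port() {
  awk -v port="$1" '
    $1 !~ /^(tcp|udp)/ { next }                 # skip the two header lines
    {
      n = split($4, l, ":"); m = split($5, f, ":")
      if (l[n] != port && f[m] != port) next    # last ":" field is the port, IPv6 too
      # UDP rows often have an empty State column, so locate the owner
      # column by its shape instead of by its position.
      owner = ""
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\// || $i == "-") {
          owner = $i
          for (j = i + 1; j <= NF; j++) owner = owner " " $j
          break
        }
      if (owner == "-") owner = "unknown (no owning process visible)"
      if (owner != "" && !seen[owner]++) print owner
    }'
}

# Demo on the constructed sample. Live use on the server would be:
#   sudo netstat -tunp | owners_for_port 443
printf '%s\n' "$SAMPLE" | owners_for_port 443
```

A `-` in the owner column means netstat could not attribute the socket to a process, which is why the lookup should be run as root.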
OTHER TIPS
I believe there is a netstat program available for Linux too. You can then use tcpdump on the port in question.