Our internet is getting shaped, so excess traffic is affecting us far more than normal. I've narrowed down the source of traffic to my own PC, which is a freshly installed Xubuntu 16.10 machine. My router measures around 128 KB/s incoming with the machine on, and effectively 0 with the machine off. This seems to be quite constant. If I disable the interface by ifdown or equivalently with the NetworkManager tool, traffic also drops to 0.
However, trying to work out what is actually causing this is very intriguing. Tools like iftop and nethogs only report a very small amount of traffic, 4-5 KB/s when my machine is idle. These tools seem to report programs I am aware of (browser, email, ssh) accurately. The router still reports 128 KB/s incoming here.
How can I find out what is causing this traffic, and why are iftop and nethogs not finding it?
Are you sure you are pointing iftop to the right adapter? I've got a few boxes where the primary nic is eth1, so I must specify the interface when invoking the command. – Frank Thomas – 2017-04-11T02:43:37.697
You checked for IPv6 traffic (iftop new enough)? You checked all interfaces visible with ip link (packets may be redirected to other interfaces by the kernel, e.g. for tunneling)? Do you see anything if you run wireshark on the specific interface in question? – dirkt – 2017-04-11T06:20:33.180
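One way to carry out the per-interface check the comments suggest, as an added example that is not part of the original thread: it compares two snapshots of the kernel's counters in /proc/net/dev and ranks every interface by receive rate, so traffic on an interface iftop was not watching becomes visible. The interface names and counter values in the samples are constructed, and the function names are this example's own.

```python
import time

HEADER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
"""
# Constructed snapshots in /proc/net/dev layout, 10 s apart (not data from the thread).
SAMPLE_T0 = HEADER + """\
    lo:   100000  500 0 0 0 0 0 0 100000  500 0 0 0 0 0 0
  eth0:  5000000 4000 0 0 0 0 0 0 800000 3000 0 0 0 0 0 0
  eth1:  9000000 7000 0 0 0 0 0 0  20000  100 0 0 0 0 0 0
"""
SAMPLE_T1 = HEADER + """\
    lo:   100000  500 0 0 0 0 0 0 100000  500 0 0 0 0 0 0
  eth0:  5045000 4060 0 0 0 0 0 0 812000 3050 0 0 0 0 0 0
  eth1: 10310720 8000 0 0 0 0 0 0  20600  110 0 0 0 0 0 0
"""

def parse_proc_net_dev(text):
    """Return {interface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines()[2:]:        # first two lines are column headers
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if sep and len(fields) >= 16:         # 8 receive + 8 transmit columns
            counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def interface_rates(before, after, seconds):
    """List of (name, rx B/s, tx B/s), busiest receiver first."""
    old, new = parse_proc_net_dev(before), parse_proc_net_dev(after)
    rates = []
    for name in old.keys() & new.keys():      # ignore interfaces that came or went
        rx, tx = new[name][0] - old[name][0], new[name][1] - old[name][1]
        if rx < 0 or tx < 0:                  # counter reset or wrap: not comparable
            continue
        rates.append((name, rx / seconds, tx / seconds))
    return sorted(rates, key=lambda r: r[1], reverse=True)

def sample_live(seconds=10):
    """Take two real snapshots on a Linux host and return the ranked rates."""
    with open("/proc/net/dev") as f:
        first = f.read()
    time.sleep(seconds)
    with open("/proc/net/dev") as f:
        second = f.read()
    return interface_rates(first, second, seconds)

if __name__ == "__main__":
    for name, rx, tx in interface_rates(SAMPLE_T0, SAMPLE_T1, 10):
        print(f"{name:8s} rx {rx / 1024:8.1f} KiB/s  tx {tx / 1024:8.1f} KiB/s")
```

On a live machine, call sample_live() instead of using the samples and compare the top-ranked interface with the one the monitoring tool was pointed at.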