Excessive Uploading Found on DSL Line

John Van Ostrand john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Mon Jun 26 18:24:24 UTC 2006


On Mon, 2006-06-26 at 13:28 -0400, Glen Strom wrote:
> I recently had a problem with my EOL DSL line. It turns out Bell had to
> adjust the error correction. When I talked to the EOL tech afterward,
> she said there was an excessive amount of uploading on my connection.
> Naturally, she suspected a virus or something like that until I told
> her I use Linux. Then she suggested that I might have a program on my
> system that's phoning home. So now I have two questions:
> 1. Is there a program I can use to locate a chatty app on the system?
> 2. Is there another reason for this uploading activity?
> 
> Note that I haven't included any stats because I'm not sure what
> program to use to measure this uploading.
> 
> By the way, I used both chkrootkit and rkhunter to check for rootkits
> and found nothing amiss. I checked my firewall at ShieldsUp and it's
> still in stealth mode (however accurate/meaningful that is).


I use tcpdump to see what the traffic is. You would use a line like
this:

tcpdump -i ppp0 

This shows one or two lines for every packet. Make sure that you are on
the console (or accessing from your LAN); otherwise it will see your SSH
packets and list them, which causes more SSH packets, etc.

There was also a program called ntop that can be used to see where the
traffic is going and which port it is originating from.

-- 
John Van Ostrand
Chief Technology Officer
Net Direct Inc.
564 Weber St. N. Unit 12
Waterloo, ON N2L 5C6
john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Ph: 519-883-1172 ext.5102
Fx: 519-883-8533
Linux Solutions / IBM Hardware

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
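
Added example, not part of the original thread: one way to turn the tcpdump output described in the reply into an answer to "who is this machine uploading to", by totalling bytes sent per remote endpoint. The function name, the sample capture and the 203.0.113.25 local address are assumptions made for illustration; `not port 22` in the usage comment keeps an SSH session out of the capture, and only IPv4 TCP/UDP lines are counted.

```shell
#!/bin/sh
# Added example (not from the thread). Live use needs root, e.g.:
#   tcpdump -n -q -i ppp0 -c 2000 not port 22 | top_uploads 203.0.113.25
# ppp0 is the interface from the post; the address is a placeholder for
# this machine's own IP on that interface.

# top_uploads LOCAL_IP
# Reads `tcpdump -n -q` lines on stdin and prints "bytes remote_ip.port"
# for TCP/UDP packets sent by LOCAL_IP, largest total first.
top_uploads() {
    awk -v me="$1" '
        $2 == "IP" && $4 == ">" && ($6 == "tcp" || $6 == "UDP,") {
            host = $3
            sub(/\.[0-9]+$/, "", host)   # strip the source port
            if (host != me) next         # keep outbound packets only
            dst = $5
            sub(/:$/, "", dst)           # drop the colon after the destination
            if ($NF !~ /^[0-9]+$/) next  # with -q the payload length is last
            sent[dst] += $NF
        }
        END { for (d in sent) printf "%d %s\n", sent[d], d }
    ' | sort -rn
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
18:20:01.000101 IP 203.0.113.25.51514 > 198.51.100.7.443: tcp 1448
18:20:01.000350 IP 203.0.113.25.51514 > 198.51.100.7.443: tcp 1448
18:20:01.010020 IP 198.51.100.7.443 > 203.0.113.25.51514: tcp 0
18:20:01.200400 IP 203.0.113.25.40022 > 192.0.2.53.53: UDP, length 40
18:20:01.230100 IP 192.0.2.53.53 > 203.0.113.25.40022: UDP, length 120
18:20:02.000900 IP 203.0.113.25.51514 > 198.51.100.7.443: tcp 1000
EOF
}

sample_capture | top_uploads 203.0.113.25
```

Once a busy remote endpoint stands out, the local source port on those lines can be matched to a process with a tool such as `lsof -i` or `netstat -p`.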




