I am seeing substantial network traffic when I have no application open that should use the network. Using netstat -tnp I find IP addresses that are linked to dyndns services, but I don't use anything like that. Also, netstat -tnp can't give me the processes that are linked to this traffic. The traffic lasts for several minutes, is mostly down and can be as much as 100kbytes/sec.
Code:
$ netstat -tnp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 298 192.168.178.31:35489 192.168.178.1:445 ESTABLISHED -
tcp 0 0 127.0.0.1:7634 127.0.0.1:53711 TIME_WAIT -
tcp 0 0 192.168.178.31:34621 91.198.22.70:80 TIME_WAIT -
$ whois 91.198.22.70
% Information related to '91.198.22.0 - 91.198.22.255'
inetnum: 91.198.22.0 - 91.198.22.255
netname: DYNDNS-UK
descr: Dynamic Network Services, Inc.
country: GB
And:
Code:
$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 Quokka.fritz.box:35489 fritz.box:microsoft-ds ESTABLISHED
tcp 1 1 Quokka.fritz.box:48845 checkip-lax.dyndns:http CLOSING
tcp 0 0 localhost:7634 localhost:53717 TIME_WAIT
And:
Code:
$ netstat -tnp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 324 192.168.178.31:35489 192.168.178.1:445 ESTABLISHED -
tcp 0 0 192.168.178.31:48845 216.146.39.70:80 TIME_WAIT -
tcp 0 0 127.0.0.1:7634 127.0.0.1:53719 TIME_WAIT -
$ whois 216.146.39.70
NetRange: 216.146.32.0 - 216.146.47.255
CIDR: 216.146.32.0/20
OriginAS: AS33517
NetName: DNSINC-3
NetHandle: NET-216-146-32-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
RegDate: 2008-07-16
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-216-146-32-0-1
The computer is behind a firewalled router doing NAT (I think that is called differently these days, but I'm an old fart).
What's going on here?
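A triage sketch for `netstat -tnp` output like the listings above, added here as an example and not part of the original post: it parses the rows, keeps only internet-facing connections that show no owning process, and records why the PID column is empty. The sample rows are constructed by copying lines from the post's output, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: rows copied from the netstat -tnp output in the post.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 298 192.168.178.31:35489 192.168.178.1:445 ESTABLISHED -
tcp 0 0 127.0.0.1:7634 127.0.0.1:53711 TIME_WAIT -
tcp 0 0 192.168.178.31:34621 91.198.22.70:80 TIME_WAIT -
tcp 0 0 192.168.178.31:48845 216.146.39.70:80 TIME_WAIT -
"""

def parse_netstat(text):
    """Yield one dict per TCP row of `netstat -tnp` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue  # header, banner or blank line
        host, _, port = f[4].rpartition(":")
        yield {"remote": host, "port": port, "state": f[5],
               "owner": " ".join(f[6:])}

def scope(addr):
    """Classify a remote address as loopback, lan or internet."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip.is_private else "internet"

def triage(text):
    """Return (remote, port, state, reason) for unattributed internet rows."""
    out = []
    for c in parse_netstat(text):
        if scope(c["remote"]) != "internet" or c["owner"] != "-":
            continue
        if c["state"] == "TIME_WAIT":
            # The socket is already closed and held by the kernel, so no
            # PID exists any more; it has to be caught while ESTABLISHED.
            reason = "closed socket, no owner left"
        else:
            reason = "owner not visible to this user, rerun netstat as root"
        out.append((c["remote"], c["port"], c["state"], reason))
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

Both dyndns rows in the sample are in TIME_WAIT, so running netstat as root afterwards would still show `-` for them; the owning process only appears while the connection is open.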