Today I looked at the network monitoring plasmoid and noticed that there was a fair amount of inbound traffic (I knew that thing was good for something!). Now, since I was not browsing or downloading anything, I thought this was strange. Suspecting it might be some internet page on a reload loop, I closed Opera, but that changed nothing. So, I went looking for a network monitoring program that could show me what program was using my connection. To my surprise I couldn’t find one. Programs that show me where the traffic is coming from, yes (e.g. Wireshark), but nothing to show me what’s causing the traffic. Can anyone here help with that?
Oh, I almost forgot. I’m using openSUSE 11.1 with KDE 4.3 RC2.
Run netstat to first see what ports are active then run lsof with a grep with the port number. I can’t remember the specific flags for netstat at the mo.
Heh, I was hoping for something with a GUI to be honest (don’t even know what a grep is). Something akin to NetLimiter perhaps. (Don’t need the limiting part, but it has good monitoring abilities as well.)
I can’t imagine too many people really care what process is using which port so I doubt there is a gui, though I’ll watch the thread with intrigue.
You really aren’t getting much info though without experimenting too much you also have lsof -i and I think netstat -ta will be less verbose. Read the man pages.
I for one am not sure what is to be gained by a gui. So it certainly isn’t going to be my little programming project. As you pointed out you already have far more complex tools in wireshark.
could be that it is not a program on your computer doing anything…
it could be thieves knocking at the door…you do know (don’t you)
that the average time hooked to the net for an unprotected WinTel
machine to remain un-cracked is measured in minutes (NOT hours)…
there are hundreds of thousands of zombied WinTel [google “zombie
botnet” to learn lots, remove the quotes and learn lots more] machines
out there on the net broadcasting attempts to find one more to be
infected and taken over…
every time one hits your IP you will see incoming traffic blink your
router’s LED (and activate your “network monitoring plasmoid”)…
if you can find a terminal, type (or copy/paste)
sudo cat /var/log/firewall | less
press enter and then give your root password when asked…
then you can scroll through (with up/down arrows) all the activity
that your FREE default firewall has protected you from…
and, smile…
ps: press “End” to get to the end of the list and see what has
happened lately, and when you have seen enough just press ‘q’ to stop
the scroll…
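
The netstat-then-lsof lookup suggested earlier in the thread can be done in one pass, because netstat's -p flag prints the owning PID/program next to each connection. The following is an added example, not part of any post above; the function names are made up for illustration and the sample output is constructed (documentation IP ranges, invented PIDs).

```shell
#!/bin/sh
# Added example: group `netstat -tunp` output by owning program.
# Prints "<connections> <PID/program> <remote endpoints>" per owner.
summarize_by_program() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            # Listening sockets have a foreign address ending in ":*"
            if ($5 ~ /:\*$/) next
            # UDP rows often have no State column, so the PID/Program
            # column moves; take the first field shaped like "1234/name".
            # "-" means netstat could not see the owner (not root, or a
            # kernel-held socket such as one in TIME_WAIT).
            owner = "-"
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) { owner = $i; break }
            count[owner]++
            if (!((owner, $5) in seen)) {
                seen[owner, $5] = 1
                peers[owner] = peers[owner] (peers[owner] ? "," : "") $5
            }
        }
        END { for (o in count) printf "%d %s %s\n", count[o], o, peers[o] }
    ' | sort -k1,1nr -k2,2
}

# Live use (run as root so every owner is visible):
live_summary() {
    netstat -tunp 2>/dev/null | summarize_by_program
}

# Constructed sample of `netstat -tunp` output, for trying the parser offline.
sample_netstat_output() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.10:41822      203.0.113.5:80          ESTABLISHED 3127/opera
tcp        0      0 192.168.1.10:41824      203.0.113.5:80          ESTABLISHED 3127/opera
tcp        0      0 192.168.1.10:52210      198.51.100.7:6881       ESTABLISHED 4410/ktorrent
udp        0      0 192.168.1.10:6881       198.51.100.9:6881                   4410/ktorrent
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:35000      192.0.2.44:443          TIME_WAIT   -
EOF
}
```

A program that shows up here while nothing is supposed to be using the network is the one to look at; if only "-" rows appear, the traffic has no local owner visible to netstat.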