dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

Mountain View, CA
reply to mahohmei

Re: Excessive bandwith use

I can assure you the problem isn't your NIC. Your NIC nor the NIC driver is not going to send/receive a bunch of crap across the wire "just for fun". Give me a break.

Are you sure your box isn't compromised? It could be that someone has your box turned into a DDoS client or something similar, especially if you have services running on the Ubuntu box that are open to the Internet (forwarded on your router, etc.). IMO, this sounds like the most likely explanation.

It could also be happening when you're not awake, i.e. when Wireshark isn't running, thus you never see any captured packets. Or your pcap filter could be wrong. Who knows.

My recommendation would be to make a shell script that does something like this, and let it run for 24 hours:

( while true
  /sbin/ifconfig eth0
  netstat -4 -6 -n
  ps auxwwww
  sleep 1
done ) | tee /path/to/some/log/file

Be aware said log file will be quite big after 24 hours. You can pull our the RX/TX byte transfer statistics by simply doing grep 'RX bytes' /path/to/some/log/file, find the relevant counter output, then open the file in an editor and look around that timeframe for when it happened.

Regardless, the bottom line is this: this is your box, your equipment, therefore your responsibility to figure out/address. I'm not even sure why this is a post in the Comcast HSI forum (vs. the UNIX/Linux forum) for that matter... :-) The latter would be the place to ask for "forensic help".

Alternately, if you don't want to deal with it? Take the box off the network. Disconnect its network cable. Do not reconnect it. Then reinstall the entire OS from scratch (bare bones OS install/format/etc.). Disable any port forwards you have from your router to the Linux box. After that, reconnect the network cable.

Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.