koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu to mahohmei1

Re: Excessive bandwidth use

I can assure you the problem isn't your NIC. Neither your NIC nor the NIC driver is going to send/receive a bunch of crap across the wire "just for fun". Give me a break.

Are you sure your box isn't compromised? It could be that someone has your box turned into a DDoS client or something similar, especially if you have services running on the Ubuntu box that are open to the Internet (forwarded on your router, etc.). IMO, this sounds like the most likely explanation.

It could also be happening when you're not awake, i.e. when Wireshark isn't running, thus you never see any captured packets. Or your pcap filter could be wrong. Who knows.

My recommendation would be to make a shell script that does something like this, and let it run for 24 hours:

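#!/bin/sh
# Once per second, log a timestamp, the eth0 counters, open sockets and the
# full process list, both to the terminal and to a log file.
( while true
do
  date
  /sbin/ifconfig eth0   # interface statistics, including RX/TX byte counters
  netstat -4 -6 -n      # IPv4 and IPv6 sockets, numeric addresses
  echo
  ps auxwwww            # every process with its full command line
  echo
  echo
  sleep 1
done ) | tee /path/to/some/log/file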
 

Be aware said log file will be quite big after 24 hours. You can pull out the RX/TX byte transfer statistics by simply doing grep 'RX bytes' /path/to/some/log/file, find the relevant counter output, then open the file in an editor and look around that timeframe for when it happened.

Regardless, the bottom line is this: this is your box, your equipment, therefore your responsibility to figure out/address. I'm not even sure why this is a post in the Comcast HSI forum (vs. the UNIX/Linux forum) for that matter... :-) The latter would be the place to ask for "forensic help".

Alternately, if you don't want to deal with it? Take the box off the network. Disconnect its network cable. Do not reconnect it. Then reinstall the entire OS from scratch (bare bones OS install/format/etc.). Disable any port forwards you have from your router to the Linux box. After that, reconnect the network cable.
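
Added example, not part of koitsu's post: a way to automate the "grep 'RX bytes' and find the relevant counter output" step by computing the per-sample change in the eth0 counters and printing the timestamps where it exceeds a limit. The function names `find_spikes` and `sample_log`, the default limit, and the sample log lines are constructed for illustration; the parser assumes the older net-tools ifconfig format that the grep in the post targets and the default English `date` output.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the older net-tools
# ifconfig format ("RX bytes:N (...)  TX bytes:N (...)") and that `date`
# prints its default English format, weekday first.

# find_spikes LOGFILE [LIMIT]: print each sample whose RX or TX counter grew
# by more than LIMIT bytes (default 1000000) since the previous sample.
find_spikes() {
  awk -v limit="${2:-1000000}" '
    /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) / { stamp = $0; next }  # output of date
    /RX bytes:/ {
      rx = tx = -1
      for (i = 2; i <= NF; i++)
        if ($i ~ /^bytes:[0-9]+$/) {
          n = substr($i, 7) + 0
          if ($(i-1) == "RX") rx = n
          if ($(i-1) == "TX") tx = n
        }
      if (rx < 0 || tx < 0) next            # line did not parse, skip it
      drx = rx - prev_rx; dtx = tx - prev_tx
      # A negative delta means the counter wrapped or the NIC was reset.
      if (seen && drx >= 0 && dtx >= 0 && (drx > limit || dtx > limit))
        printf "%s rx_delta=%.0f tx_delta=%.0f\n", stamp, drx, dtx
      prev_rx = rx; prev_tx = tx; seen = 1
    }' "$1"
}

# sample_log: constructed log excerpt in the format the loop above writes
# (netstat and ps output omitted); the third sample contains the burst.
sample_log() {
  cat <<'EOF'
Tue Mar  4 03:12:44 PST 2014
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          RX bytes:1000000 (1.0 MB)  TX bytes:2000000 (2.0 MB)

Tue Mar  4 03:12:45 PST 2014
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          RX bytes:1004000 (1.0 MB)  TX bytes:2003000 (2.0 MB)

Tue Mar  4 03:12:46 PST 2014
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          RX bytes:1010000 (1.0 MB)  TX bytes:9503000 (9.5 MB)

EOF
}
```

Call it as `find_spikes /path/to/some/log/file 5000000`, then read the netstat and ps output in the log around each reported timestamp to see which connections and processes were active during the burst.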