Re: Mysterius Download

To: debian-user@lists.debian.org
Subject: Re: Mysterius Download
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Sat, 01 Mar 2014 01:35:06 +1100
Message-id: <53109E9A.80402@gmail.com>
In-reply-to: <531089C4.4010206@c2o.pro.br>
References: <531089C4.4010206@c2o.pro.br>

On 01/03/14 00:06, Markos wrote:
> Hi Everybody,
> 
> The browser takes a long time to open the pages but the applet
> "properties of network connection" shows a high download rate.

Which browser?

> 
> But I'm not downloading anything!

But your browser might be e.g. extension updates, synchronising
bookmarks/extensions/passwords if you have sync enabled.

Most likely it's just checking for extension updates - you'd expect a
"high download rate" - just check your network statistics and see
whether it's a "high volume".

I use KDE so I use KNemo show traffic (transfer speed) as well as
hourly, weekly and monthly volume statistics. I'm not familiar with the
equivalents for other desktop environments. ethstats is one of several
CLI tools that will do the same thing.

> 
> How to find out which program is doing this mysterious "download" and
> block this download?

$ netstat --inet
will show you where you are connecting to.

e.g.:-
$ netstat --inet -p (sorry about the line wrapping).
Proto Recv-Q Send-Q Local Address           Foreign Address
State       PID/Program name
tcp        0      0 vbserver.sunnysid:46471 dev.sunnyside.home:http
ESTABLISHED 13939/iceweasel
tcp        0      0 192.168.1.100:46889     192.168.1.1:http
ESTABLISHED 13939/iceweasel
tcp        0      0 192.168.1.100:32902     pd-in-f16.1e100.n:imaps
ESTABLISHED 4986/icedove
tcp        0      0 192.168.1.100:35633     scottferguson.com.a:222
ESTABLISHED 17825/ssh
tcp        0      0 192.168.1.100:44837     192.168.1.1:http
CLOSE_WAIT  16008/kwrite
tcp        0      0 192.168.1.100:47602     192.168.1.1:http
ESTABLISHED 13939/iceweasel
tcp        0      0 192.168.1.100:47547     192.168.1.1:http
ESTABLISHED 13939/iceweasel
tcp        0      0 192.168.1.100:45692     192.168.1.1:http
ESTABLISHED 13939/iceweasel
tcp        0      0 vbserver.sunnysid:57354 dev.sunnys:microsoft-ds
ESTABLISHED -
tcp        0      0 192.168.1.100:40641     pa-in-f16.1e100.n:imaps
ESTABLISHED 4986/icedove
tcp        0      0 vbserver.s:microsoft-ds t22.sunnyside.hom:56452
ESTABLISHED -
tcp        0      0 vbserver.sunnysid:43963 dev.sunnyside.home:http
CLOSE_WAIT  16008/kwrite
tcp        0      0 192.168.1.100:40562     pa-in-f16.1e100.n:imaps
CLOSE_WAIT  4986/icedove
tcp        0      0 vbserver.sunnysid:43862 dev.sunnyside.home:http
CLOSE_WAIT  16008/kwrite
tcp        0      0 vbserver.sunnysid:37587 dev.sunnyside.home:9100
ESTABLISHED 16624/rdesktop
tcp        0      0 192.168.1.100:44833     192.168.1.1:http
CLOSE_WAIT  16008/kwrite
tcp        0      0 vbserver.sunnysid:53483 dev.sunnyside.home:ssh
ESTABLISHED 16447/ssh

the 192.168.*.* addresses is the modem web control interface
the *.imaps are email connections
the *sunnysi*.* are local network machine connections
the *:222 is a ssh connection
the *:http is a web connection

The http connections are the ones you're interested in. You can find out
them with "whois $domainname"

If you use "netstat --inet -pc"
You'll get a continuous update of what's connecting to what. So start
netstat and then open your browser - and you'll see a lot of connections
to mozilla (if you are running Iceweasel/Firefox).


> 
> I'm using Debian Squeeze.
> 
> Thank you,
> Markos
> 
> 


Kind regards

Reply to:

References:
- Mysterius Download
  - From: Markos <markos@c2o.pro.br>

Prev by Date: Re: Mysterius Download
Next by Date: Re: Mysterius Download
Previous by thread: Re: Mysterius Download
Next by thread: Re: Mysterius Download
Index(es):
- Date
- Thread