LinuxQuestions.org


joel_k 01-17-2013 12:13 PM

Find out large data transfers?
 
Several times lately I have observed my wifi interface apparently transmitting large amounts of data for extended periods of time when I am not doing anything. The first time this happened, I was on my laptop looking at websites, one of which was probably hacker oriented, on firewalling and bridging. Everything slowed to a crawl and Firefox appeared to have six or seven copies of itself open. I killed everything, switched to using Chrome for the time being, and assumed that Firefox had a security flaw. This system was an up-to-date Lubuntu 12.04 install on a netbook. Next time this happened was my home machine and I was using Chrome. This time I investigated with netstat and found dozens of connections to ports 80, 443, and 21 to various addresses from high order ports on my machine. They continued even when the browser closed, and data transmission continued as well. This was a Fedora 16 install also kept up to date. I am just wondering how one goes about investigating this sort of thing. A website would be fine. What I am finding on Google isn't helping me out as much as I would like.

Thanks
Joel

Habitual 01-17-2013 02:09 PM

Firefox version?

Any add-ons?

unSpawn 01-17-2013 08:21 PM

Quote:

Originally Posted by joel_k (Post 4872349)
I am just wondering how one goes about investigating this sort of thing.

Capture traffic, then analyze with for example Wireshark?

joel_k 01-20-2013 12:35 PM

On Firefox I have springpad, on Chrome I have springpad and feedly for extensions. Firefox is currently 17.0.1, but it might have updated since I posted. Chrome is version 24.0.1312.52 on this machine. I had thought of trying tcpdump, but I had only used this once and it seemed painful. I kind of wanted to write some iptables rules and block whatever was causing problems, but I am not sure it is so simple as that.

unSpawn 01-20-2013 01:02 PM

Moved: Given the discrepancy between your question and your reply I've renamed the thread title to something less sensational. Furthermore this thread is deemed more suitable in the Newbie forum and has been moved accordingly to help your thread/question get the exposure it deserves.

sneakyimp 01-20-2013 03:51 PM

Wireshark can analyze a file made with tcpdump. It's pretty neat to analyze traffic. You can start tcpdump, specifying a file for it to write all of your traffic to, and then open the file in Wireshark, which will allow you to group related packets together, inspect the data transmitted, etc. It's very useful for determining whether data is encrypted, etc.
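
The capture-then-analyze approach suggested in the replies above can also be scripted to answer the original question directly: which remote endpoints is this machine sending the most data to? The following is an added example, not part of any poster's message. It reads a classic pcap file as written by `tcpdump -w` and totals outbound bytes per remote address and port. It assumes an Ethernet link type and IPv4, and the function names, addresses and sample capture are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address

PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # microsecond / nanosecond timestamp variants

def top_talkers(pcap_bytes, local_ip):
    """Sum bytes sent by local_ip per (remote_ip, remote_port, proto)."""
    if struct.unpack("<I", pcap_bytes[:4])[0] in PCAP_MAGICS:
        end = "<"
    elif struct.unpack(">I", pcap_bytes[:4])[0] in PCAP_MAGICS:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    local, sent, off = ip_address(local_ip).packed, Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len, orig_len = struct.unpack(end + "II", pcap_bytes[off + 8:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only Ethernet II frames carrying IPv4 from local_ip
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[26:30] != local:
            continue
        l4 = 14 + (frame[14] & 0x0F) * 4      # start of the TCP/UDP header
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        if proto is None or len(frame) < l4 + 4:
            continue
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        sent[(str(ip_address(frame[30:34])), dport, proto)] += orig_len
    return sent

def _tcp_frame(src, dst, dport, payload_len):
    # Constructed frame: zeroed MACs and checksums, source port fixed at 40000
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + bytes(16 + payload_len)

def sample_capture():
    # Constructed capture using documentation addresses, not real traffic
    me = "192.0.2.10"
    frames = [_tcp_frame(me, "198.51.100.7", 443, 1000)] * 3
    frames += [_tcp_frame(me, "203.0.113.5", 21, 100), _tcp_frame("198.51.100.7", me, 443, 500)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for flow, nbytes in top_talkers(sample_capture(), "192.0.2.10").most_common():
        print(flow, nbytes)
```

To use it on a real capture, pass the bytes of the file tcpdump wrote and the machine's own address. Once the heaviest destinations are known, they are the ones to inspect more closely in Wireshark.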

