mikegorb 11-10-2004 05:07 PM

Laptop keeps sending data every second?
Hi there,

I'm worried about why my computer is continually sending data out onto the network about every second for no apparent reason.

How would I find out what application or service is doing this? It's a pretty fresh install of Fedora Core 2 so I don't think it's adware or spyware, but obveously this is worrying me.

Someone has mentioned Netstat before. But I have no idea how this will help me find out which application (or service) is to blame. If you know how to do this with Netstat or any other application please help! It's driving me crazy.

Thanks in advance!

Mike :-)

fblucher 11-10-2004 07:01 PM

tcpdump -i <interface> -n

This will show you what is talking out onto your network.

netstat -vatnp

Will show you what processes are holding what ports open and what sort of communication it is. Replace the -t with a -u if you want to see UDP.


mikegorb 11-11-2004 11:34 AM

I've tried what you've suggested and killed all services that were running but this hasn't highlighted the problem,

Any suggestions?


Mike :)

fblucher 11-11-2004 03:47 PM

So there was no output from the tcpdump command?

mikegorb 11-12-2004 12:53 PM

There is a lot of activity but I can't understand what to do with the information that its showing.

ff:ff:ff.0453:ipx-rip-resp 4168688976/1.2
18:45:20.124506 arp who-has IPADDRESS tell IPADDRESS
18:45:20.170047 arp who-has IPADDRESS tell IPADDRESS
18:45:20.278150 arp who-has IPADDRESS tell IPADDRESS
18:45:20.318818 IP IPADDRESS > IPADDRESS: P 2683740605:2683740707(102) ack 1317712476 win 16967

IPADDRESS = I've replace IP addresses with this!

Is that useful or is there something else in the output I should be looking for?

Mike :)

fblucher 11-14-2004 11:03 PM

That's an ARP request and responce, nothing too exciting there.

mikegorb 11-16-2004 05:54 AM

I've come to the conclusion that there is nothing actually wrong. Basically linux is showing me activity that Windows just wouldn't do. Because of that I thought I had some program doing something it shouldn't.

The ARP information is completely normal I assume and I must be on a very busy network i.e. University Student Halls!

Many thanks for your help.

Mike :-)

