| 1 |
On Fri, Feb 6, 2015 at 12:11 AM, Hartmut Figge <h.figge@×××.de> wrote: |
| 2 |
> Greetings, |
| 3 |
> |
| 4 |
> after noticing huge downloads circa ever 2 minutes naturally I wanted to |
| 5 |
> stop that. :) After a reboot followed by startx which opened icewm I |
| 6 |
> issued the command |
| 7 |
> sudo ngrep -t -d net0 | tee system-ngrep_log.txt |
| 8 |
> in a xterm and waited for one occurrence. |
| 9 |
> |
| 10 |
> Full log: www.triffids.de/pub/tmp/system-ngrep_log.txt.gz (5,6MB) |
| 11 |
> |
| 12 |
> How to determine the culprit? |
| 13 |
> |
| 14 |
> Hartmut |
| 15 |
> |
| 16 |
|
| 17 |
Port 995 there indicates SSL POP mail. If you don't know/recall what |
| 18 |
process is polling for that, a run of "netstat -p" while it's active |
| 19 |
should give the pid and name for it. If I recall, "netstat -p" might |
| 20 |
need root. |
| 21 |
|
| 22 |
-- |
| 23 |
Poison [BLX] |
| 24 |
Joshua M. Murphy |
Archives