1 |
On Fri, Feb 6, 2015 at 12:11 AM, Hartmut Figge <h.figge@×××.de> wrote: |
2 |
> Greetings, |
3 |
> |
4 |
> after noticing huge downloads circa ever 2 minutes naturally I wanted to |
5 |
> stop that. :) After a reboot followed by startx which opened icewm I |
6 |
> issued the command |
7 |
> sudo ngrep -t -d net0 | tee system-ngrep_log.txt |
8 |
> in a xterm and waited for one occurrence. |
9 |
> |
10 |
> Full log: www.triffids.de/pub/tmp/system-ngrep_log.txt.gz (5,6MB) |
11 |
> |
12 |
> How to determine the culprit? |
13 |
> |
14 |
> Hartmut |
15 |
> |
16 |
|
17 |
Port 995 there indicates SSL POP mail. If you don't know/recall what |
18 |
process is polling for that, a run of "netstat -p" while it's active |
19 |
should give the pid and name for it. If I recall, "netstat -p" might |
20 |
need root. |
21 |
|
22 |
-- |
23 |
Poison [BLX] |
24 |
Joshua M. Murphy |