> I have found a program called Etheral(?) which seems to monitor traffic, is
> there any other way to know what process, software, etc are active /
> transmitting data while I'm surfing the internet?

You can capture traffic in and out of your box by doing:

    tcpdump -s 20480 -p -w traffic.data

The options (in order) tell tcpdump to capture up to 20480 bytes of a packet (i.e. large enough to hopefully cover all eventualities), not to go into promiscuous mode (so if you see non-broadcast traffic from other systems then you know someone's already done that) and to write all of that to a file called "traffic.data".

You can feed that information into either tcpdump, ethereal or tethereal (the console version of ethereal) to analyse what's going on.

NB: regarding the snaplen (-s) option, the tcpdump manual page says:

    68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol
    information from name server and NFS packets (see below). Packets
    truncated because of a limited snapshot are indicated in the output with
    ``[|proto]'', where proto is the name of the protocol level at which the
    truncation has occurred. Note that taking larger snapshots both increases
    the amount of time it takes to process packets and, effectively,
    decreases the amount of packet buffering. This may cause packets to be
    lost. You should limit snaplen to the smallest number that will capture
    the protocol information you're interested in.

As to tying that back to a particular process, well, assuming your box hasn't been rootkit'd already then you can use netstat with the options others have supplied to tie processes to local IP sockets.

> Just seems as though my internet has slowed ... don't know what if any spyware
> there is for linux.

Ethereal and tcpdump are fab for that sort of thing. Have fun!

Chris

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
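An added illustration of the last step in the reply (not code from the original post or from the SLUG list): a small Python script that joins tcpdump's text output with `netstat -tunp` style output on the local address and port, totals bytes per owning process and remote endpoint, and flags captured traffic that no listed socket accounts for. All addresses, ports, PIDs and program names below are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -n -r traffic.data` (made-up hosts/ports).
TCPDUMP_LINES = """\
12:00:01.000001 IP 192.168.1.10.45120 > 203.0.113.5.80: Flags [P.], seq 1:200, ack 1, win 502, length 199
12:00:01.000400 IP 203.0.113.5.80 > 192.168.1.10.45120: Flags [.], ack 200, win 1000, length 0
12:00:02.100000 IP 192.168.1.10.51234 > 198.51.100.9.443: Flags [P.], seq 1:100, ack 1, win 502, length 99
12:00:02.500000 IP 192.168.1.10.60000 > 203.0.113.77.6667: Flags [P.], seq 1:50, ack 1, win 502, length 49
"""

# Constructed sample in the style of `netstat -tunp`; note nothing is listed for local port 60000.
NETSTAT_LINES = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.10:45120      203.0.113.5:80          ESTABLISHED 2231/firefox-bin
tcp        0      0 192.168.1.10:51234      198.51.100.9:443        ESTABLISHED 2231/firefox-bin
"""

LOCAL_IP = "192.168.1.10"  # the capturing host's own address (constructed)
PKT_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+):.* length (\d+)")

def parse_sockets(text):
    """Map (local ip, local port) -> 'program[pid]' from netstat -tunp style output."""
    sockets = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or something we don't handle
        ip, _, port = fields[3].rpartition(":")   # rpartition copes with IPv6 too
        pid, _, prog = fields[-1].partition("/")
        sockets[(ip, int(port))] = f"{prog}[{pid}]"
    return sockets

def attribute_traffic(tcpdump_text, socket_map, local_ip):
    """Sum captured bytes per (owning process, remote endpoint). Packets whose local
    port has no socket entry go to 'UNKNOWN': short-lived, or hidden from netstat."""
    totals = defaultdict(int)
    for line in tcpdump_text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue
        src, sport, dst, dport, length = m.groups()
        if src == local_ip:                      # outbound packet
            local, remote = (src, int(sport)), f"{dst}:{dport}"
        elif dst == local_ip:                    # inbound packet
            local, remote = (dst, int(dport)), f"{src}:{sport}"
        else:                                    # neither side is us (promiscuous capture)
            local, remote = None, f"{src}:{sport}->{dst}:{dport}"
        totals[(socket_map.get(local, "UNKNOWN"), remote)] += int(length)
    return dict(totals)
```

The "UNKNOWN" bucket is the one worth looking at when the box feels slow: it is traffic that netstat cannot explain at the moment you looked.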
