How can I find out what's uploading traffic to the internet? [duplicate]
Two suggestions:
- Use TCPView to determine the process involved, remote host, etc.
- Use Wireshark (formerly Ethereal) to see the traffic's content (in addition to the remote address, but not the local process).
If your goal is to determine which program is generating a large volume of traffic, it may make sense to use both in combination -- use Wireshark to determine what the traffic is, and what the local and remote ports are; then use TCPView to determine which local program is responsible.
As an aside, for folks on Linux: Also consider Sysdig. The curses interface, csysdig, specifically lets you look at which processes are sending network traffic. After installing the software, the process looks something like this:
- Run `csysdig`
- Select "Views"
- Select the "Connections" view
- Sort by "BPS Out"
The view will provide the command being run for each connection shown.
If you want to view the actual traffic being sent and received, select a connection and press F6 to dig into the syscalls sending and receiving traffic on that connection.
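For Linux hosts where Sysdig is not installed, the same connection-to-process join can be done by parsing `ss -tinpH` from iproute2. This is an added example, not part of the original answer; the sample output is constructed, and the `bytes_sent` counter it relies on is cumulative per connection (not a rate like "BPS Out") and only appears on reasonably recent kernels and iproute2 versions.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample of `ss -tinpH` output (two lines per socket); not from a real host.
SAMPLE = """\
ESTAB 0 0 192.0.2.10:51514 198.51.100.7:443 users:(("backup-agent",pid=4321,fd=12))
\t cubic wscale:7,7 rto:204 rtt:3.1/1.2 bytes_sent:734003200 bytes_acked:734003200 bytes_received:52114
ESTAB 0 0 192.0.2.10:40022 203.0.113.5:443 users:(("firefox",pid=2210,fd=88))
\t cubic wscale:7,7 rto:212 rtt:11.9/4.0 bytes_sent:18233 bytes_acked:18233 bytes_received:9120034
ESTAB 0 0 192.0.2.10:40030 203.0.113.9:443 users:(("firefox",pid=2210,fd=91))
\t cubic rto:208 bytes_sent:4100 bytes_acked:4100 bytes_received:77120
ESTAB 0 0 192.0.2.10:22 192.0.2.99:60122
\t cubic rto:204 bytes_sent:9000 bytes_acked:9000
"""

OWNER = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')  # first owner of the socket
SENT = re.compile(r'\bbytes_sent:(\d+)')
HIDDEN = ("(owner hidden, rerun as root)", 0)  # ss -p omits users: for other users' sockets

def top_senders(ss_output):
    """Return [(process, pid, total_bytes_sent, peers)], largest sender first."""
    totals = defaultdict(int)
    peers = defaultdict(set)
    owner = peer = None
    for line in ss_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # socket line: State Recv-Q Send-Q Local Peer [users]
            peer = line.split()[4]
            m = OWNER.search(line)
            owner = (m.group(1), int(m.group(2))) if m else HIDDEN
        elif owner is not None:        # indented TCP info line for the socket above
            m = SENT.search(line)
            if m:                      # sockets without the counter are skipped
                totals[owner] += int(m.group(1))
                peers[owner].add(peer)
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, pid, sent, sorted(peers[(name, pid)])) for (name, pid), sent in ranked]

def live_snapshot():
    # -t TCP, -i internal TCP info, -n numeric, -p owning process, -H no header
    return subprocess.run(["ss", "-tinpH"], capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    for name, pid, sent, where in top_senders(SAMPLE):
        print(f"{sent:>12}  {name} (pid {pid}) -> {', '.join(where)}")
```

Pass `live_snapshot()` instead of `SAMPLE` to rank the current host; taking two snapshots a few seconds apart and subtracting the totals gives an approximate outbound rate per process.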