How can I find out what's uploading traffic to the internet? [duplicate]

Two suggestions:

  • Use TCPView to determine the process involved, remote host, etc.
  • Use Wireshark (formerly Ethereal) to see the traffic's content (in addition to the remote address, but not the local process).

If your goal is to determine which program is generating a large volume of traffic, it may make sense to use both in combination -- use Wireshark to determine what the traffic is, and what the local and remote ports are; then use TCPView to determine which local program is responsible.


As an aside, for folks on Linux: Also consider Sysdig. The curses interface, csysdig, specifically lets you look at which processes are sending network traffic. After installing the software, the process looks something like this:

  • Run csysdig
  • Select "Views"
  • Select the "Connections" view
  • Sort by "BPS Out"

The view will provide the command being run for each connection shown.

If you want to view the actual traffic being sent and received, select a connection and press F6 to dig into the syscalls sending and receiving traffic on that connection.
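The connection-to-process step that TCPView and csysdig perform can also be done by hand on Linux, shown here as an added example that is not part of the original answers: parse `/proc/net/tcp` (IPv4 only) and match each socket inode against the `/proc/<pid>/fd` symlinks. The function names and the sample data are constructed for this illustration.

```python
import os, pathlib, socket, struct

def decode_addr(hex_addr):
    """'0100007F:0277' -> ('127.0.0.1', 631); the address is a native-endian hex word."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(struct.pack("=I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp into one dict per IPv4 TCP socket."""
    conns = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) >= 10:
            conns.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                          "state": int(f[3], 16), "inode": int(f[9])})
    return conns

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, command name) using the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
            fd_dir = os.path.join(proc_root, pid, "fd")
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:
            continue                            # process exited or access denied
    return owners

def owner_of(conns, owners, local_port, remote):
    """(pid, command) owning the connection with this local port and remote (ip, port)."""
    return next((owners.get(c["inode"]) for c in conns
                 if c["local"][1] == local_port and c["remote"] == remote), None)

# Constructed sample of /proc/net/tcp (little-endian host, trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111
   1: 0A01A8C0:C822 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48213
"""

if __name__ == "__main__":
    live, owners = parse_proc_net_tcp(pathlib.Path("/proc/net/tcp").read_text()), socket_owners()
    for c in (c for c in live if c["state"] == 1):      # 1 = ESTABLISHED
        print(c["local"], "->", c["remote"], owners.get(c["inode"], "owner not visible"))
```

Run it as root to see sockets owned by other users' processes; given the local port and remote address seen in a packet capture, `owner_of` returns the responsible PID and command name.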