Very high Network Out in EC2 instance

I launched an ubuntu-14.04-64bit instance in Amazon EC2 two days back. I started Tomcat 7.0.54 in that instance and deployed my application war files. It has no other software installed other than Tomcat and the default ones. In the past 2 days, it shows 858 GB of Data Transfer (Network Out) from that instance. I have attached a graph of the Amazon CloudWatch metric "Network Out".


My application does not do any data download/upload. It's a Java Spring application and the front end is in HTML & JavaScript. My application traffic was very low (less than 20 hits) in those 2 days.

Is there a way to find out why these data transfers happened and also to find what data has been transferred? As you can see in the graph, Network Out was 20 GB per minute.

Some more info: Network In was negligible, CPU utilization was very high, and everything else was low.


Solution 1:

As it seems that the traffic is not so rare, try to catch the transfer by some kind of alerting (it can be an Amazon one or a custom script).

Then use netstat, nethogs, ps, tcpdump, etc... to identify the traffic source.

Solution 2:

So the issue was: the username/password of the manager console of Apache Tomcat was tomcat/tomcat.

And someone, I guess, had deployed a war file which sent too many requests. Moreover, it even changed the permission levels of the expanded directory in webapps. Major security blunder.
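
As an added example (not part of the original answer), one way to check a `tomcat-users.xml` for the misconfiguration described in Solution 2: accounts with manager or admin roles whose password equals the username or is a common default. The weak-password list and the sample file are constructed for illustration; the element and attribute names follow Tomcat's stock `tomcat-users.xml`.

```python
import xml.etree.ElementTree as ET

# Constructed list of passwords treated as defaults/guessable; extend for your site.
WEAK_PASSWORDS = {"tomcat", "admin", "manager", "password", "s3cret", "changeit", ""}
# Role name prefixes that grant access to the manager / host-manager applications.
ADMIN_ROLE_PREFIXES = ("manager", "admin")


def audit_tomcat_users(xml_text):
    """Return a list of (username, privileged_roles, reason) for risky accounts."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        # Tomcat 8+ puts elements in a namespace; compare the local name only.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        username = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = [r.strip() for r in elem.get("roles", "").split(",") if r.strip()]
        privileged = [r for r in roles if r.startswith(ADMIN_ROLE_PREFIXES)]
        if not privileged:
            continue  # account cannot reach the manager console
        if password.lower() == username.lower():
            reason = "password equals username"
        elif password.lower() in WEAK_PASSWORDS:
            reason = "well-known default password"
        else:
            continue
        findings.append((username, privileged, reason))
    return findings


# Constructed sample mirroring the misconfiguration described in Solution 2.
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="deployer" password="s3cret" roles="manager-script"/>
  <user username="ops" password="Xq7!long-random-value" roles="manager-gui"/>
  <user username="viewer" password="viewer" roles="role1"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"RISK user={user} roles={','.join(roles)} reason={reason}")
```

The `viewer` account is not reported because its role gives no access to the manager application, even though its password is weak.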