which pgm is accessing the net?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

which pgm is accessing the net?

rikona
Running 16.04 updated [yes - will be updating]. :-) My external hardware
firewall [firewalla] alerts me when it sees 'different' activity.
Getting several 'watching video" alerts re googlevideo.com. But, not
watching any video [that I know of]. Still have perhaps 50 pages or so
open in several browsers, which seems like a likely candidate, but all
ads, on-page videos, etc have been stopped.

Is there a way to find out exactly which pgm is accessing the net,
preferably with the net address it's using, and giving me the pgm pid?
If not, what's the best way to figure this out?

I'd rather not shut down one little thing, wait a day or so to see if
it's stopped, then another little thing, and so on. I'd like something
faster, easier, and more precise, if possible.

Thanks

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

ubuntu-users mailing list
On Sun, 3 Jan 2021 20:43:31 -0800, rikona wrote:
>Still have perhaps 50 pages or so open in several browsers, which
>seems like a likely candidate, but all ads, on-page videos, etc have
>been stopped.

I seriously doubt that pausing a video does stop a flash player from
causing traffic, assuming it's software from Adobe or Google. In my
experiences there's no "stop", let alone an "off" option. I usually see
a "pause" or "play" button only. FWIW at least Firefox re-enables google
crap all the time, see about:config, "safebrowsing" is for "it's safe
that Google can spy you", so it's unlikely that a media player mainly
aimed to show advertising, doesn't do something evil in the background,
even if it doesn't play a video. "Skip ad in n seconds" and be ready
for the next ad our algorithm will assign to you, based on the data
mining our "gratis" services and programs do.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

ubuntu-users mailing list
04 January 2021  at 8:33, Ralf Mardorf via ubuntu-users wrote:
Re: which pgm is accessing the net? (at least in part)

>I seriously doubt that pausing a video does stop a flash player from
>causing traffic, assuming it's software from Adobe or Google. In my
>experiences there's no "stop", let alone an "off" option. I usually see
>a "pause" or "play" button only. FWIW at least Firefox re-enables google
>crap all the time, see about:config, "safebrowsing" is for "it's safe
>that Google can spy you", so it's unlikely that a media player mainly
>aimed to show advertising, doesn't do something evil in the background,
>even if it doesn't play a video. "Skip ad in n seconds" and be ready
>for the next ad our algorithm will assign to you, based on the data
>mining our "gratis" services and programs do.

Adding ALL (I've got 463 so far) google servers to your Hosts file may help
with that, but you "may" lose something you would miss, for me I find almost no
loss of service doing this

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

rikona
In reply to this post by ubuntu-users mailing list
On Mon, 4 Jan 2021 08:33:28 +0100
Ralf Mardorf via ubuntu-users <[hidden email]> wrote:

> On Sun, 3 Jan 2021 20:43:31 -0800, rikona wrote:
> >Still have perhaps 50 pages or so open in several browsers, which
> >seems like a likely candidate, but all ads, on-page videos, etc have
> >been stopped.  
>
> I seriously doubt that pausing a video does stop a flash player from
> causing traffic, assuming it's software from Adobe or Google. In my
> experiences there's no "stop", let alone an "off" option. I usually
> see a "pause" or "play" button only. FWIW at least Firefox re-enables
> google crap all the time, see about:config, "safebrowsing" is for
> "it's safe that Google can spy you", so it's unlikely that a media
> player mainly aimed to show advertising, doesn't do something evil in
> the background, even if it doesn't play a video. "Skip ad in n
> seconds" and be ready for the next ad our algorithm will assign to
> you, based on the data mining our "gratis" services and programs do.

That's kinda my view also, and why I was asking if there's a way to
identify **exactly which program** is accessing the net, preferably with
an IP address and a pid so I can tell which part of a multi-part pgm is
responsible.

How can I do that?

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

rikona
In reply to this post by ubuntu-users mailing list
On Mon, 04 Jan 2021 08:06:52 -0000
Grizzly via ubuntu-users <[hidden email]> wrote:

> 04 January 2021  at 8:33, Ralf Mardorf via ubuntu-users wrote:
> Re: which pgm is accessing the net? (at least in part)
>
> >I seriously doubt that pausing a video does stop a flash player from
> >causing traffic, assuming it's software from Adobe or Google. In my
> >experiences there's no "stop", let alone an "off" option. I usually
> >see a "pause" or "play" button only. FWIW at least Firefox
> >re-enables google crap all the time, see about:config,
> >"safebrowsing" is for "it's safe that Google can spy you", so it's
> >unlikely that a media player mainly aimed to show advertising,
> >doesn't do something evil in the background, even if it doesn't play
> >a video. "Skip ad in n seconds" and be ready for the next ad our
> >algorithm will assign to you, based on the data mining our "gratis"
> >services and programs do.  
>
> Adding ALL (I've got 463 so far) google servers to your Hosts file
> may help with that, but you "may" lose something you would miss, for
> me I find almost no loss of service doing this

Thanks for the suggestion. In ancient Windows days I used to use a
hosts file, but it was a big effort to maintain, and I stopped.

I tried blocking the address with the firewall, which is easy. BUT - a
couple of minutes later googlevideo comes up again, with a small change
in the address. It looks like they have a gazillion addresses they can
use, as you are suggesting. :-(((

Please refresh my mind. If the actual address is
abcde12345.googlevideo.com, and I put just googlevideo.com in the hosts
file, will that block any version of the abc... part, or do I need the
entire address in hosts? How can I block [whatever].googlevideo.com?

And, I'd still like to know if there's a way to ID the actual pgm doing
the access. That would be VERY helpful.



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

Colin Law
In reply to this post by rikona


On Mon, 4 Jan 2021, 04:45 rikona, <[hidden email]> wrote:
Running 16.04 updated [yes - will be updating]. :-) My external hardware
firewall [firewalla] alerts me when it sees 'different' activity.
Getting several 'watching video" alerts re googlevideo.com. But, not
watching any video [that I know of]. Still have perhaps 50 pages or so
open in several browsers, which seems like a likely candidate, but all
ads, on-page videos, etc have been stopped.
.

I would start by shutting down the browser for a while and see if that eliminates the problem.

Colin






Is there a way to find out exactly which pgm is accessing the net,
preferably with the net address it's using, and giving me the pgm pid?
If not, what's the best way to figure this out?

I'd rather not shut down one little thing, wait a day or so to see if
it's stopped, then another little thing, and so on. I'd like something
faster, easier, and more precise, if possible.

Thanks

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

Mark Widdicombe-2

Is there a way to find out exactly which pgm is accessing the net,
preferably with the net address it's using, and giving me the pgm pid?
If not, what's the best way to figure this out?

nethogs. Install and run in terminal. 
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

Mike Marchywka
I didn't follow the whole thread but the easiest thing to do is
see if the alerting software had a pid available or a host/port etc.
You can find the connections with this,

netstat -anp



________________________________________
From: ubuntu-users <[hidden email]> on behalf of Mark Widdicombe <[hidden email]>
Sent: Tuesday, January 5, 2021 2:28 AM
To: Ubuntu user technical support, not for general discussions
Subject: Re: which pgm is accessing the net?


Is there a way to find out exactly which pgm is accessing the net,
preferably with the net address it's using, and giving me the pgm pid?
If not, what's the best way to figure this out?

nethogs. Install and run in terminal.
--
ubuntu-users mailing list
[hidden email]<mailto:[hidden email]>
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
--
ubuntu-users mailing list
[hidden email]<mailto:[hidden email]>
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

ubuntu-users mailing list
In reply to this post by Mark Widdicombe-2

And, try: “lsof -i -n -P” to see current open connections (and its PID)


From: "Mike Marchywka" <[hidden email]>
Date: Tuesday, 5 January 2021 at 09:47:02
To: "Ubuntu user technical support, not for general discussions" <[hidden email]>
Subject: Re: which pgm is accessing the net?

I didn't follow the whole thread but the easiest thing to do is
see if the alerting software had a pid available or a host/port etc.
You can find the connections with this,

netstat -anp



________________________________________
From: ubuntu-users <[hidden email]> on behalf of Mark Widdicombe <[hidden email]>
Sent: Tuesday, January 5, 2021 2:28 AM
To: Ubuntu user technical support, not for general discussions
Subject: Re: which pgm is accessing the net?


Is there a way to find out exactly which pgm is accessing the net,
preferably with the net address it's using, and giving me the pgm pid?
If not, what's the best way to figure this out?

nethogs. Install and run in terminal.
--
ubuntu-users mailing list
[hidden email]<mailto:[hidden email]>
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
--
ubuntu-users mailing list
[hidden email]<mailto:[hidden email]>
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

rikona
On Tue, 5 Jan 2021 09:27:16 +0000
Hans via ubuntu-users <[hidden email]> wrote:

> And, try: “lsof -i -n -P” to see current open connections (and its
> PID)
>
>
> From: "Mike Marchywka"
> <[hidden email]<mailto:[hidden email]>> Date: Tuesday,
> 5 January 2021 at 09:47:02 To: "Ubuntu user technical support, not
> for general discussions"
> <[hidden email]<mailto:[hidden email]>>
> Subject: Re: which pgm is accessing the net?
>
> I didn't follow the whole thread but the easiest thing to do is
> see if the alerting software had a pid available or a host/port etc.
> You can find the connections with this,
>
> netstat -anp

Many thanks to all for the suggestions re how to do this!! They give me
the info to see who's doing what. :-) Next task is to see which IPs
belong to google.

In the meantime I figured out how to get the firewall to block the
entire googlevideo.com domain, but just for the Ubuntu box, not all
the LAN devices. It's also easy to temporarily pause these rules if I do
need to watch a YouTube video. :-) I'm beginning to like the Firewalla
firewall - nice. I'd recommend it to folks interested.

So far, blocking that domain does not seem to have caused any major
problems - just less junk on the screens. I am still interested in
knowing which web sites were causing the problems, now that I have the
info to check that out.

Thanks for the help...

> ________________________________________
> From: ubuntu-users <[hidden email]> on behalf
> of Mark Widdicombe <[hidden email]> Sent: Tuesday, January
> 5, 2021 2:28 AM To: Ubuntu user technical support, not for general
> discussions Subject: Re: which pgm is accessing the net?
>
>
> Is there a way to find out exactly which pgm is accessing the net,
> preferably with the net address it's using, and giving me the pgm pid?
> If not, what's the best way to figure this out?
>
> nethogs. Install and run in terminal.
> --

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

Liam Proven
On Tue, 5 Jan 2021 at 20:33, rikona <[hidden email]> wrote:
>
> In the meantime I figured out how to get the firewall to block the
> entire googlevideo.com domain, but just for the Ubuntu box, not all
> the LAN devices.

PiHole may help you...

https://pi-hole.net/

--
Liam Proven – Profile: https://about.me/liamproven
Email: [hidden email] – gMail/gTalk/gHangouts: [hidden email]
Twitter/Facebook/LinkedIn/Flickr: lproven – Skype: liamproven
UK: +44 7939-087884 – ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

rikona
On Wed, 6 Jan 2021 13:34:33 +0100
Liam Proven <[hidden email]> wrote:

> On Tue, 5 Jan 2021 at 20:33, rikona <[hidden email]> wrote:
> >
> > In the meantime I figured out how to get the firewall to block the
> > entire googlevideo.com domain, but just for the Ubuntu box, not all
> > the LAN devices.  
>
> PiHole may help you...
>
> https://pi-hole.net/

Thanks for the suggestion! That's a VERY interesting pgm, especially
since it works for the whole local net. I've been using browser add-ons
to help with ads, and this adds another dimension to overall protection.

Turns out this is similar to the ad blocking available in the Firewalla
firewall. I've not activated that [yet] since I was using browser
protection, but will consider doing that. This firewall has a very nice
interface which makes it much easier for a network semi-novice like me,
even easier than PiHole. My previous experience with firewalls was that
one needs to know a lot of very detailed network info in order to get
good, thorough protection. And, at least in the firewall hardware I
used then, it was really a fixed situation requiring much time/effort
to make significant changes. Firewalla has several one click 'pause'
options that are quite nice, easy, and fast.

So, I'll probably stick with Firewalla, but I really appreciate your
suggestion.

Thanks...

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

Colin Law
On Thu, 7 Jan 2021 at 21:10, rikona <[hidden email]> wrote:

>
> On Wed, 6 Jan 2021 13:34:33 +0100
> Liam Proven <[hidden email]> wrote:
>
> > On Tue, 5 Jan 2021 at 20:33, rikona <[hidden email]> wrote:
> > >
> > > In the meantime I figured out how to get the firewall to block the
> > > entire googlevideo.com domain, but just for the Ubuntu box, not all
> > > the LAN devices.
> >
> > PiHole may help you...
> >
> > https://pi-hole.net/
>
> Thanks for the suggestion! That's a VERY interesting pgm, especially
> since it works for the whole local net. I've been using browser add-ons
> to help with ads, and this adds another dimension to overall protection.
>
> Turns out this is similar to the ad blocking available in the Firewalla
> firewall.

Note that PiHole (which is an excellent application) is not a
firewall, it works by intercepting the DNS lookup of blacklisted
sites.

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: which pgm is accessing the net?

rikona
On Thu, 7 Jan 2021 22:15:43 +0000
Colin Law <[hidden email]> wrote:

> On Thu, 7 Jan 2021 at 21:10, rikona <[hidden email]> wrote:
> >
> > On Wed, 6 Jan 2021 13:34:33 +0100
> > Liam Proven <[hidden email]> wrote:
> >  
> > > On Tue, 5 Jan 2021 at 20:33, rikona <[hidden email]> wrote:  
> > > >
> > > > In the meantime I figured out how to get the firewall to block
> > > > the entire googlevideo.com domain, but just for the Ubuntu box,
> > > > not all the LAN devices.  
> > >
> > > PiHole may help you...
> > >
> > > https://pi-hole.net/ 
> >
> > Thanks for the suggestion! That's a VERY interesting pgm, especially
> > since it works for the whole local net. I've been using browser
> > add-ons to help with ads, and this adds another dimension to
> > overall protection.
> >
> > Turns out this is similar to the ad blocking available in the
> > Firewalla firewall.  
>
> Note that PiHole (which is an excellent application) is not a
> firewall, it works by intercepting the DNS lookup of blacklisted
> sites.
>
> Colin

Yes, thanks for the heads-up. I saw that when I checked it out.
Firewalla does a similar thing, using their own DNS cache. For privacy,
though, they do NOT look inside the 'data stream', and, as a result,
can't block as many ads as a service that looks inside your data.  I'll
settle for that trade-off, though. :-) I also saw several services that
do similar things - you just have to change your DNS on the comp or
router, they do the rest. I'd guess the free ones like to look inside
data to see what they can sell. :-)

I actually wanted a firewall, and got Firewalla. I'm finding it does
other useful things as well. They have newer gigabit hardware that can
do network segmentation, etc, and is also a router. It is tempting
me. :-)

Thanks...


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users