...I have a problem.
I discovered this problem as a consequence of my new college's soft bandwidth limits. If a dorm computer uploads or downloads more than 2GB of data, that computer's bandwidth is limited by the firewall until the heavy network use falls off the 24 hour window. Naturally, the school provides a webpage that allows students to monitor their own computer's bandwidth usage. I was watching mine, and found my bandwidth usage to be inexplicably high. Even at times when I was not actively using the bandwidth (when the only uses were running IM/IRC clients and running but not actively used browsers, etc.), my bandwidth usage would sometimes be considerably *higher* than when I was actively using the bandwidth (for example, when watching several Youtube videos in a row).
This made me suspicious, so I downloaded a network monitor (EtherApe) and set it to record the IPs and corresponding data transfers overnight. I found out that several domains I did not recognize were communicating with my computer. Moreover, one of these domains in particular was using several subdomains to transfer anywhere between 10-30 MB per subdomain at a time when I was asleep (and thus not using my computer).
My firewall is set to allow only incoming connections on port 22 (SSH), which means that the connections mentioned above must have been initiated from my computer. Given this, there is only one conclusion that I can come up with to explain this: My computer seems to be running a "service" that I do not know about. That service needs to die, and I need help/advice in terms of finding that service.
The following are the services/bandwidth users that *should* be on my computer.
- My web browser
- An FaH client (it effectively donates some of my computer's processing power)
- A Hamachi client (it's a VPN program, and it's connected to only 1 VPN)
- An SSH server
- Pidgin (IM client) running several protocols
- Ubuntu's automatic update checker and corresponding update client.
Unless I've forgotten something, anything else presently using my bandwidth is an illegitimate program.
As of right now, my desktop's firewall is locked (it's now blocking *everything*, even legitimate use) so that this doesn't get worse in the meantime. I'm using my laptop to post this in the meantime, but I'd rather not have to wipe my desktop's OS to fix this if at all possible. Also, though I alluded to this previously, my desktop is running Ubuntu 10.4.
...
Please help.