I'm analyzing the network traffic with iftop an I'm puzzled by this output:
188.25.15.139:11596 => 104.31.112.90:8880 130KB 32KB 19KB
<= 162KB 51KB 30KB
My ip is 188.25.15.139.
The traffic from 104.31.112.90:8880 I would explain as packets sent to me - those could be as much as the other wants to send (is my explanation correct?)
My problem is with the traffic from me (188.25.15.139:11596); I have UFW which blocks 11596 (also 8880 if that matters) so I see no reason to have such a large traffic "from me" on port 11596.
Also I have no process listening on 11596 or 8880; I checked this with:
sudo ss -lptn 'sport = :11596'
sudo ss -lptn 'sport = :8880'
Main question: how could one explain the traffic "from me"?
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
uname -a
Linux gigi-desktop 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
**EDIT**
iftop -f "not dst port 443 and not src port 443 and not dst port 80 and not src port 80 and not dst port 53 and not src port 53 and not dst port 123 and not src port 123"
sudo ufw status numbered
Status: active
To Action From
-- ------ ----
22 LIMIT IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
Asked by Adrian
(773 rep)
Apr 1, 2018, 07:58 PM
Last activity: Apr 4, 2018, 01:39 PM
Last activity: Apr 4, 2018, 01:39 PM