ykhrustalev/gist:ac17d440372de8158986

## gistfile1.txt
http://serverfault.com/a/316704/69170

netstat -ptu will give you the owning process ids (along with standard netstat info) for all tcp and udp conections. (Normal users will not be able to id all processes.)

If something is sending out a fair amount of constant traffic you should see it on Recv-Q or Send-Q columns 2 and 3 respectively.

Examples:
Recv-Q
sudo watch -n .1 'netstat -tup | grep -E "^[t,u]cp[6]{0,1}" | sort -nr -k2'

Send-Q
sudo watch -n .1 'netstat -tup | grep -E "^[t,u]cp[6]{0,1}" | sort -nr -k3'

If you suspect that that process is being triggered by another process ps axf.
	http://serverfault.com/a/316704/69170

	netstat -ptu will give you the owning process ids (along with standard netstat info) for all tcp and udp conections. (Normal users will not be able to id all processes.)

	If something is sending out a fair amount of constant traffic you should see it on Recv-Q or Send-Q columns 2 and 3 respectively.

	Examples:
	Recv-Q
	sudo watch -n .1 'netstat -tup \| grep -E "^[t,u]cp[6]{0,1}" \| sort -nr -k2'

	Send-Q
	sudo watch -n .1 'netstat -tup \| grep -E "^[t,u]cp[6]{0,1}" \| sort -nr -k3'

	If you suspect that that process is being triggered by another process ps axf.