sionut
Posts: 6
Joined: Wed Sep 25, 2019 7:52 am

a lot of traffic from my Raspbian box. How to investigate which app is doing it ?

Wed Oct 09, 2019 6:22 am

Hi,
I recently noticed on my router that my RPi4 (with Raspbian as OS and a few apps) is doing a lot of internet traffic (like 20 GB upload and 20 GB download daily).

I have no idea what is causing so much traffic and I don't know how to investigate. Any suggestions are welcome!

Thank you!

gkreidl
Posts: 6108
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: a lot of traffic from my Raspbian box. How to investigate which app is doing it ?

Wed Oct 09, 2019 6:41 am

To watch the traffic install iftop. You have to run it as root:
sudo iftop
Minimal Kiosk Browser (kweb)
Slim, fast webkit browser with support for audio+video+playlists+youtube+pdf+download
Optional fullscreen kiosk mode and command interface for embedded applications
Includes omxplayerGUI, an X front end for omxplayer
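
Added example, not part of the thread: iftop breaks traffic down by remote host, not by local program, so this script sums the per-socket byte counters printed by `ss -tinp` and groups them by owning process. The function names and the sample output (addresses, PIDs, process names) are constructed for illustration.

```python
import re
import subprocess
import sys
from collections import defaultdict

# Constructed sample of `ss -tinpH` output; every address, PID and name is made up.
SAMPLE = """\
ESTAB 0 0 192.168.1.50:51413 203.0.113.7:6881 users:(("transmission-da",pid=812,fd=23))
\t cubic wscale:7,7 rto:204 rtt:3.1/1.2 bytes_acked:734003200 bytes_received:1048576
ESTAB 0 0 192.168.1.50:22 192.168.1.10:50522 users:(("sshd",pid=1290,fd=3),("sshd",pid=1301,fd=3))
\t cubic wscale:7,7 rto:204 bytes_acked:52113 bytes_received:18220
ESTAB 0 0 192.168.1.50:51413 198.51.100.23:40112 users:(("transmission-da",pid=812,fd=31))
\t cubic rto:212 bytes_acked:1200000 bytes_received:943718400
ESTAB 0 0 192.168.1.50:43210 198.51.100.9:443
\t cubic rto:204 bytes_acked:900 bytes_received:4100
"""
USERS = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')
ACKED = re.compile(r"\bbytes_acked:(\d+)")        # bytes the peer has acknowledged (upload)
RECVD = re.compile(r"\bbytes_received:(\d+)")     # bytes received on the socket (download)
UNKNOWN = ("(owner hidden, rerun with sudo)", 0)  # ss omits users:(...) without root

def per_process_bytes(ss_output):
    """Return {(name, pid): [bytes_up, bytes_down]} summed over the listed TCP sockets."""
    records = []
    for line in ss_output.splitlines():
        if not line.strip() or line.startswith("State"):  # blank line or column header
            continue
        if line[0].isspace() and records:   # indented line: TCP info of the previous socket
            records[-1] += " " + line.strip()
        else:
            records.append(line.strip())
    totals = defaultdict(lambda: [0, 0])
    for rec in records:
        owners = USERS.findall(rec)
        # A socket shared by several PIDs is charged to the first PID listed.
        owner = (owners[0][0], int(owners[0][1])) if owners else UNKNOWN
        up, down = ACKED.search(rec), RECVD.search(rec)
        totals[owner][0] += int(up.group(1)) if up else 0
        totals[owner][1] += int(down.group(1)) if down else 0
    return dict(totals)

def top_talkers(ss_output):
    """Processes sorted by total bytes moved, largest first."""
    return sorted(per_process_bytes(ss_output).items(), key=lambda kv: sum(kv[1]), reverse=True)

if __name__ == "__main__":
    live = "--live" in sys.argv  # with --live, query the running system (use sudo)
    text = subprocess.run(["ss", "-tinpH"], capture_output=True, text=True,
                          check=True).stdout if live else SAMPLE
    for (name, pid), (up, down) in top_talkers(text):
        print(f"{name:<32} pid={pid:<6} up={up / 1e6:10.1f} MB  down={down / 1e6:10.1f} MB")
```

The counters cover only TCP sockets that are open when `ss` runs, counted since each socket was opened, so sample it repeatedly while the traffic is happening; UDP traffic is not included.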

rpdom
Posts: 15361
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: a lot of traffic from my Raspbian box. How to investigate which app is doing it ?

Wed Oct 09, 2019 6:49 am

How is your Pi connected to the internet? Does it have a direct connection or is it through a router?

Did you change the "pi" user password BEFORE connecting it to the internet? If not, it has been compromised and you should pull the plug on it right now! Overwrite the SD card with the current Raspbian Buster, then boot the Pi up again and change the password.

The reason being that everyone and his spider knows the "pi" password is "raspberry" and lots of bad people have "bots" set to scan anything connected to the internet (without a firewall or router in the way*) to see if they can log in as "pi". When they do log in they install software to either spread viruses or to try and make them money by harvesting bitcoins or whatever. They don't care if it is a bit slow - they aren't paying for the electricity - you are!

*also, if you have set up port forwarding to allow remote connections.

sionut
Posts: 6
Joined: Wed Sep 25, 2019 7:52 am

Re: a lot of traffic from my Raspbian box. How to investigate which app is doing it ?

Thu Oct 10, 2019 6:40 am

gkreidl wrote:
Wed Oct 09, 2019 6:41 am
To watch the traffic install iftop. You have to run it as root:
sudo iftop
Thanks, I'll try it.

sionut
Posts: 6
Joined: Wed Sep 25, 2019 7:52 am

Re: a lot of traffic from my Raspbian box. How to investigate which app is doing it ?

Thu Oct 10, 2019 6:47 am

rpdom wrote:
Wed Oct 09, 2019 6:49 am
How is your Pi connected to the internet? Does it have a direct connection or is it through a router?

Did you change the "pi" user password BEFORE connecting it to the internet? If not, it has been compromised and you should pull the plug on it right now! Overwrite the SD card with the current Raspbian Buster, then boot the Pi up again and change the password.

The reason being that everyone and his spider knows the "pi" password is "raspberry" and lots of bad people have "bots" set to scan anything connected to the internet (without a firewall or router in the way*) to see if they can log in as "pi". When they do log in they install software to either spread viruses or to try and make them money by harvesting bitcoins or whatever. They don't care if it is a bit slow - they aren't paying for the electricity - you are!

*also, if you have set up port forwarding to allow remote connections.
Well, I didn't expose it to the internet. It's visible only inside my local LAN as it's connected to my router.

And yes, I remember that I changed it pretty soon after I connected it to the router (so it wasn't exposed to the internet, not directly anyway).


