This afternoon, I did some more experimenting. As at first, I booted
up. I then logged in, but this time as root. I did *not* launch
Thunderbird (or any other e-mail client) or Firefox (or any other
browser) or anything else that I know uses the internet. So the
workstation should be "quiet". I launched ksysguard and a terminal. In
the terminal, I ran "iftop -Pn" (as suggested by Ed). I did several
screen captures. I put the screen shots into a folder on Google
Drive. The link to the folder is:
"https://drive.google.com/drive/folders/18Vul5cD8JUTLJm3lCsZEOWUuPTuyiSDp?usp=sharing".

Comments/questions on the 11 screenshots (please focus on the starred one):

* Screenshot_20201203_135358.png
This shows a cluster of activity centered slightly left of the word
"Swap" at the bottom of the display. The display covers about 2.5
minutes (= 150 seconds). That cluster of network activity lasted about
16 seconds. I also notice a CPU spike during that cluster of network
activity. I've seen this a few times before, at times when I expect no
network activity and no significant CPU activity.

Screenshot_20201203_140607.png
In "iftop -Pn", what got my attention most is the third entry. Also
"rrac", "ogs-server", "eserver-pap". Are these ssh attempts that the
firewall did/will reject? Are all the lines that contain "tivoconnect"
the workstation, the modem, and/or Comcast "keeping in touch"?

Screenshot_20201203_141021.png
In "iftop -Pn", "telnet", "ftps", "aritts", "emcrmird".

Screenshot_20201203_141440.png
In "iftop -Pn", "octopus".

Screenshot_20201203_141621.png
In "iftop -Pn", "afs3-errors". Also, "...:dead:beef:cafe:..." is back
(3rd line in the first iftop).

Screenshot_20201203_141753.png
In "iftop -Pn", "ms-v-worlds".

Screenshot_20201203_141851.png
In "iftop -Pn", "zenginkyo-2".

* Screenshot_20201203_141953.png
* Screenshot_20201203_142005.png
The first is in "iftop -Pn", "scp-config", "https", "oob-ws-http".
The second shows a cluster of activity slightly left of the word "Swap"
at the bottom of the display. That cluster of network activity lasted
about 8 seconds.
The first screen shot was taken while the cluster of network activity in
the second screen shot was showing up.

Screenshot_20201203_142342.png
In "iftop -Pn", "winfs", "etlservicemgr".

* Screenshot_20201203_144432.png
This shows a cluster of activity centered slightly left of the word
"Swap" at the bottom of the display. That cluster of network activity
lasted about 12 seconds. I also notice a wave of CPU activity (yellow,
then green) just after that cluster of network activity. I've seen this
a few times before, at times when I expect no network activity and no
significant CPU activity. (By the way, those two red CPU spikes are
also suspicious.)

It is the three clusters of network activity that mainly concern me.
What is going on? What specific steps can I do to determine what these are?

One more thing. Go back to the first screen shot in my original post:
"https://drive.google.com/file/d/1EdlSgKY0fJpU7r3nbstWA7G_2C93gOgO/view?usp=sharing".
Notice that tall network activity spike near the left end of the screen
capture. I can't yet fully confirm it, but that seems to happen seconds
after the first launch of ksysguard on a given day. I've seen this many
times. What's going on?