I have an applet which reads /proc/net/dev and displays network up/download speed. A few days back it started showing weird things. Like, even when I'm not on the internet, the download speed stays around 52-54 kbps, while normally it tends to stay below 10 kbps. Sometimes it keeps jumping between 10kbps to 400kbps(when the system is idle). I checked the file and it was indeed showing unusual behaviour. The applet is all fine. iftop shows traffic as I expected it to be. What could be the reason? I guess the dev file provides a more basic interface to the hardware. So can it be the case that my pc is under some sort of attack?
Asked
Active
Viewed 817 times
1
-
Do a `tcpdump` and find out? – phemmer Nov 05 '16 at 20:15
-
If `iftop` gives you appropriate results, then my main suspicion would be a bad interpretation of `/proc/net/dev`. – Julie Pelletier Nov 05 '16 at 20:21
-
I read /proc/sys/dev a few times 5 seconds apart and the difference between values was around 300kb. – saga Nov 05 '16 at 20:30
-
300kb divided by 5 seconds gives 60kbps which is close to your estimated connection speed. – Julie Pelletier Nov 07 '16 at 07:16
-
Yes, but the problem is that there is some network traffic present even when the system is idle, which wasn't the case a few days ago. – saga Nov 07 '16 at 07:20
-
Earlier the traffic used to stay below 10 kbps. – saga Nov 07 '16 at 07:21
-
Reading `/proc/net/dev` can be misleading since it does not show any speed relevant details. It is also common for traffic to appear to happen in bursts due to packet size which can also add to the confusion. – Julie Pelletier Nov 10 '16 at 17:30
-
So how can I implement a network meter. Also, I don't know much about networking. Can you provide a reference? – saga Nov 10 '16 at 17:50