Я использую Ubuntu 12.04 64bit. Я использую HTTP-прокси через ssh, как упоминалось здесь. Когда я запускаю TinyProxy, я вижу журнал трафика.

Отредактировано: если вы посмотрите на журнал, вы увидите, что весь трафик - это реклама. Кроме того, хотя у меня нет запущенных приложений, таких как Firefox, Thunderbird, Pidgin и т.д., Существует огромный трафик. Таким образом, приложение должно работать в фоновом режиме.

Знаете ли вы какой-нибудь способ обнаружить это приложение? Как я могу найти приложение, которое вызывает рекламу трафика?

пс топор

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:01 /sbin/init
    2 ?        S      0:00 [kthreadd]
    3 ?        S      0:00 [ksoftirqd/0]
    6 ?        S      0:00 [migration/0]
    7 ?        S      0:00 [watchdog/0]
   21 ?        S<     0:00 [cpuset]
   22 ?        S<     0:00 [khelper]
   23 ?        S      0:00 [kdevtmpfs]
   24 ?        S<     0:00 [netns]
   26 ?        S      0:00 [sync_supers]
   27 ?        S      0:00 [bdi-default]
   28 ?        S<     0:00 [kintegrityd]
   29 ?        S<     0:00 [kblockd]
   30 ?        S<     0:00 [ata_sff]
   31 ?        S      0:00 [khubd]
   32 ?        S<     0:00 [md]
   34 ?        S      0:00 [khungtaskd]
   35 ?        S      0:00 [kswapd0]
   36 ?        SN     0:00 [ksmd]
   37 ?        SN     0:00 [khugepaged]
   38 ?        S      0:00 [fsnotify_mark]
   39 ?        S      0:00 [ecryptfs-kthrea]
   40 ?        S<     0:00 [crypto]
   48 ?        S<     0:00 [kthrotld]
   49 ?        S      0:00 [scsi_eh_0]
   50 ?        S      0:00 [scsi_eh_1]
   51 ?        S      0:00 [scsi_eh_2]
   52 ?        S      0:00 [scsi_eh_3]
   75 ?        S<     0:00 [devfreq_wq]
  240 ?        S<     0:00 [xfs_mru_cache]
  241 ?        S<     0:00 [xfslogd]
  242 ?        S<     0:00 [xfsdatad]
  243 ?        S<     0:00 [xfsconvertd]
  245 ?        S      0:00 [xfsbufd/sda3]
  246 ?        S      0:01 [xfsaild/sda3]
  330 ?        S      0:00 upstart-udev-bridge --daemon
  333 ?        Ss     0:00 /sbin/udevd --daemon
  472 ?        S<     0:00 [cfg80211]
  479 ?        S<     0:00 [kpsmoused]
  671 ?        S      0:00 upstart-socket-bridge --daemon
  779 ?        S      0:00 [xfsbufd/sda4]
  781 ?        S      0:01 [xfsaild/sda4]
  785 ?        S<     0:00 [ttm_swap]
  800 ?        S<     0:00 [hd-audio0]
  803 ?        S<     0:00 [hd-audio1]
  857 ?        Sl     0:00 rsyslogd -c5
  869 ?        Ss     0:04 dbus-daemon --system --fork --activation=upstart
  881 ?        Ss     0:00 /usr/sbin/modem-manager
  883 ?        Ss     0:00 /usr/sbin/bluetoothd
  905 ?        Ssl    0:02 NetworkManager
  906 ?        Ss     0:00 /usr/sbin/cupsd -F
  910 ?        Sl     0:02 /usr/lib/policykit-1/polkitd --no-debug
  918 ?        S      0:00 avahi-daemon: running [bunyamin-hp.local]
  919 ?        S      0:00 avahi-daemon: chroot helper
  920 ?        S<     0:00 [krfcommd]
  956 ?        Ss     0:00 /sbin/wpa_supplicant -B -P /run/sendsigs.omit.d/wpasupplicant.pid -u -s -O /var/run/wpa_supplicant
  980 tty4     Ss+    0:00 /sbin/getty -8 38400 tty4
  985 tty5     Ss+    0:00 /sbin/getty -8 38400 tty5
 1000 tty2     Ss+    0:00 /sbin/getty -8 38400 tty2
 1006 tty3     Ss+    0:00 /sbin/getty -8 38400 tty3
 1009 tty6     Ss+    0:00 /sbin/getty -8 38400 tty6
 1024 ?        Ss     0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
 1025 ?        Ss     0:00 atd
 1026 ?        Ss     0:00 cron
 1029 ?        Ss     0:01 /usr/sbin/irqbalance
 1034 ?        Ssl    0:00 whoopsie
 1091 ?        Ssl    0:00 lightdm
 1216 tty1     Ss+    0:00 /sbin/getty -8 38400 tty1
 1224 ?        Sl     0:00 /usr/lib/accountsservice/accounts-daemon
 1241 ?        Sl     0:00 /usr/sbin/console-kit-daemon --no-daemon
 1356 ?        Sl     0:00 /usr/lib/upower/upowerd
 1447 ?        Sl     0:00 /usr/lib/x86_64-linux-gnu/colord/colord
 1539 ?        SNl    0:00 /usr/lib/rtkit/rtkit-daemon
 1723 ?        Sl     0:00 /usr/lib/udisks/udisks-daemon
 1724 ?        S      0:00 udisks-daemon: not polling any devices
 2077 ?        Z      0:00 [lightdm] <defunct>
 2433 ?        Z      0:00 [lightdm] <defunct>
 3491 ?        S      0:00 [flush-8:0]
 4023 ?        S      0:00 [kworker/u:14]
 4034 ?        S      0:00 [migration/1]
 4035 ?        S      0:00 [kworker/1:3]
 4036 ?        S      0:00 [ksoftirqd/1]
 4037 ?        S      0:00 [watchdog/1]
 4038 ?        S      0:00 [migration/2]
 4040 ?        S      0:00 [ksoftirqd/2]
 4041 ?        S      0:00 [watchdog/2]
 4042 ?        S      0:00 [migration/3]
 4043 ?        S      0:00 [kworker/3:1]
 4044 ?        S      0:00 [ksoftirqd/3]
 4045 ?        S      0:00 [watchdog/3]
 4047 ?        S      0:00 [irq/43-mei]
 4070 ?        S      0:00 [kworker/3:0]
 4072 ?        S      0:00 [kworker/1:0]
 4164 ?        Ss     0:00 anacron -s
 4549 tty7     Ss+    1:13 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
 4683 ?        Sl     0:00 lightdm --session-child 12 47
 4718 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
 4729 ?        Ssl    0:00 gnome-session --session=gnome-fallback
 4765 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session gnome-session --session=gnome-fallback
 4768 ?        S      0:00 /usr/bin/dbus-launch --exit-with-session gnome-session --session=gnome-fallback
 4769 ?        Ss     0:00 //bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
 4779 ?        Sl     0:01 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
 4786 ?        S      0:00 /usr/lib/gvfs/gvfsd
 4788 ?        Sl     0:00 /usr/lib/gvfs//gvfs-fuse-daemon -f /home/bunyamin/.gvfs
 4797 ?        Sl     0:00 /usr/lib/gnome-settings-daemon/gsd-printer
 4799 ?        Sl     0:03 metacity
 4805 ?        S      0:00 /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
 4811 ?        Sl     0:10 gnome-panel
 4814 ?        S      0:00 syndaemon -i 2.0 -K -R -t
 4819 ?        S<l    0:00 /usr/bin/pulseaudio --start --log-target=syslog
 4821 ?        Sl     0:00 /usr/lib/dconf/dconf-service
 4826 ?        Sl     0:00 /usr/lib/gnome-settings-daemon/gnome-fallback-mount-helper
 4828 ?        Sl     0:06 nautilus -n
 4830 ?        Sl     0:02 nm-applet
 4832 ?        Sl     0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
 4835 ?        Sl     0:00 bluetooth-applet
 4851 ?        S      0:00 /usr/lib/pulseaudio/pulse/gconf-helper
 4854 ?        Sl     0:04 /usr/lib/indicator-applet/indicator-applet-complete
 4859 ?        S      0:00 /usr/lib/gvfs/gvfs-gdu-volume-monitor
 4863 ?        S      0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
 4865 ?        Sl     0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
 4871 ?        S      0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0
 4874 ?        Sl     0:00 /usr/lib/indicator-application/indicator-application-service
 4876 ?        Sl     0:00 /usr/lib/indicator-datetime/indicator-datetime-service
 4878 ?        Sl     0:00 /usr/lib/indicator-messages/indicator-messages-service
 4887 ?        Sl     0:00 /usr/lib/indicator-printers/indicator-printers-service
 4888 ?        Sl     0:00 /usr/lib/indicator-session/indicator-session-service
 4889 ?        Sl     0:00 /usr/lib/indicator-sound/indicator-sound-service
 4906 ?        S      0:00 /usr/lib/geoclue/geoclue-master
 4929 ?        S      0:00 /usr/lib/ubuntu-geoip/ubuntu-geoip-provider
 4938 ?        Sl     0:11 /usr/lib/gnome-applets/multiload-applet-2
 4939 ?        Sl     0:01 /usr/lib/gnome-applets/cpufreq-applet
 4953 ?        S      0:00 /usr/lib/gvfs/gvfsd-metadata
 4955 ?        S      0:00 /usr/lib/gvfs/gvfsd-burn --spawner :1.6 /org/gtk/gvfs/exec_spaw/1
 4957 ?        Sl     3:22 /usr/lib/firefox/firefox
 4973 ?        Sl     0:00 /usr/lib/x86_64-linux-gnu/at-spi2-core/at-spi-bus-launcher
 4997 ?        Sl     0:00 /usr/lib/gnome-disk-utility/gdu-notification-daemon
 5000 ?        Sl     0:00 telepathy-indicator
 5007 ?        Sl     0:00 /usr/lib/telepathy/mission-control-5
 5012 ?        Sl     0:00 /usr/lib/gnome-online-accounts/goa-daemon
 5018 ?        Sl     0:00 gnome-screensaver
 5019 ?        Sl     0:01 zeitgeist-datahub
 5025 ?        Sl     0:00 /usr/bin/zeitgeist-daemon
 5033 ?        Sl     0:00 /usr/lib/zeitgeist/zeitgeist-fts
 5041 ?        S      0:00 /bin/cat
 5052 ?        Sl     0:08 /usr/bin/gnome-terminal -x /bin/sh -c '/home/bunyamin/Desktop/SSH Tunnel'
 5058 ?        S      0:00 gnome-pty-helper
 5067 ?        Sl     0:00 update-notifier
 5090 ?        S      0:00 /usr/bin/python /usr/lib/system-service/system-service-d
 5130 ?        Sl     0:00 /usr/lib/deja-dup/deja-dup/deja-dup-monitor
 5135 ?        S      0:00 /bin/sh -c nice run-parts --report /etc/cron.daily
 5136 ?        SN     0:00 run-parts --report /etc/cron.daily
 5358 pts/4    Ss     0:00 bash
 5482 ?        S      0:00 [kworker/0:1]
 5487 ?        S      0:01 [kworker/2:0]
 5550 ?        Sl     1:15 /usr/lib/firefox/plugin-container /usr/lib/flashplugin-installer/libflashplayer.so -greomni /usr/lib/firefox/omni.ja 4957 true plugin
 5717 ?        S      0:00 /usr/lib/cups/notifier/dbus dbus:// 
 5824 ?        SN     0:00 /bin/sh /etc/cron.daily/update-notifier-common
 5825 ?        SN     0:00 /usr/bin/python /usr/lib/update-notifier/package-data-downloader
 5872 ?        Sl     0:00 /usr/lib/notify-osd/notify-osd
 5888 ?        S      0:00 /sbin/udevd --daemon
 5889 ?        S      0:00 /sbin/udevd --daemon
 5909 ?        S      0:00 /sbin/dhclient -d -4 -sf /usr/lib/NetworkManager/nm-dhcp-client.action -pf /var/run/sendsigs.omit.d/network-manager.dhclient-eth1.pid -lf /var/lib/dhcp/dhclient-f5f0
 5912 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.
 5975 pts/1    Ss+    0:00 /bin/sh -c '/home/bunyamin/Desktop/SSH Tunnel'
 5976 pts/1    S+     0:00 /bin/sh /home/bunyamin/Desktop/SSH Tunnel
 5977 pts/1    S+     0:00 ssh -p443 makarna@178.63.21.16 -L 8000:127.0.0.1:8000
 5980 ?        Sl     0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.6 /org/gtk/gvfs/exec_spaw/2
 6034 ?        S      0:00 [kworker/u:0]
 6054 ?        S      0:00 [kworker/2:2]
 6070 ?        S      0:00 [kworker/0:3]
 6094 ?        Sl     0:02 gedit /home/bunyamin/Desktop/a.html
 6101 ?        S      0:00 [kworker/0:2]
 6130 pts/4    R+     0:00 ps ax

TinyProxy LOG

    connect to ad.adserverplus.com:80
mx1.u4gf.com - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=160x600&s=2959021&T=3&_salt=1516586745&B=12&m=2&u=http%3A%2F%2Fsunshinefelling.com%2Findex.php%3Fview%3Darticle%26catid%3D45%253Aplus-size-dresses%26id%3D7512%253A2012-01-25-22-42-00%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D101&r=1 HTTP/1.0" - -
    bye
    bye
    bye
    connect to ad.adserverplus.com:80
    connect to ad.bharatstudent.com:80
    connect to ad.yieldmanager.com:80
142.91.199.250.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=0x0&y=29&s=2913320&_salt=2228719469&B=12&m=2&r=1 HTTP/1.0" - -
173.208.94.117 - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=0x0&y=29&s=3187816&_salt=462045326&B=12&m=2&r=1 HTTP/1.0" - -
mx1.a54m.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=300x250&s=2887338&T=3&_salt=2925281520&B=12&m=2&u=http%3A%2F%2Fsecretskirt.com%2Findex.php%3Foption%3Dcom_contact%26view%3Dcontact%26id%3D1%26Itemid%3D95&r=1 HTTP/1.0" - -
108.62.75.54.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=3218437&T=3&_salt=2939054384&B=12&m=2&u=http%3A%2F%2Fwww.vifinances.com%2Ffinance-investing%2Finsurance-investment%2Fis-life-insurance-investment-necessarily-the-way-to-go.html&r=1 HTTP/1.0" - -
    connect to ad.yieldmanager.com:80
    connect to ad.globe7.com:80
    bye
    connect to ad.globe7.com:80
    connect to ad.globe7.com:80
    bye
173.208.94.22 - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=2922824&T=3&_salt=705371051&B=12&m=2&u=%3A%2F%2Fsunshinefelling.com%2Findex.php%3Fview%3Darticle%26catid%3D44%3Amature-womens-fashion%26id%3D6917%3A2012-01-25-22-37-27%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D&r=1 HTTP/1.0" - -
    bye
23.19.10.44.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/st?ad_type=iframe&ad_size=160x600&section=3512129&pub_url=${PUB_URL} HTTP/1.0" - -
    connect to ad.yieldmanager.com:80
    bye
142.91.189.27.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/imp?Z=0x0&y=29&s=3660215&_salt=2921537966&B=12&m=2&r=1 HTTP/1.0" - -
    connect to ad.scanmedios.com:80
    bye
142.91.217.158.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globaltakeoff.net/st?ad_type=iframe&ad_size=160x600&section=2077929&pub_url=${PUB_URL} HTTP/1.0" - -
23.19.76.194.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=3127996&T=3&_salt=1952612979&B=12&m=2&u=http%3A%2F%2Fwww.oseey.com%2Fpure-core-watch%2Fcarbon-fiber-watch%2Fcarbon-monoxide-poisoning-awareness.html&r=1 HTTP/1.0" - -
mx1.e6sb.com - - [17/Oct/2012 07:38:53] "GET http://ad.scanmedios.com/imp?Z=728x90&s=3522638&T=3&_salt=3444993091&B=12&m=2&u=http%3A%2F%2Fsunshinefelling.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D6013%3A2012-01-25-22-25-54%26catid%3D40%3Abig-beautiful-women-fashion%26Itemid%3D96&r=1 HTTP/1.0" - -
    connect to ad.tagjunction.com:80
    connect to ad.yieldmanager.com:80
    bye
    connect to ad.yieldmanager.com:80
23.19.76.154.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250&section=2569393 HTTP/1.0" - -
    connect to ads.creafi-online-media.com:80
    bye
108.62.109.115.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3315330&_salt=2385926515&B=12&m=2&r=1 HTTP/1.0" - -
142.91.217.214.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3634166&T=3&_salt=1590442300&B=12&m=2&u=http%3A%2F%2Fwealthterritory.com%2Findex.php%3Foption%3Dcom_mailto%26tmpl%3Dcomponent%26link%3DaHR0cDovL3dlYWx0aHRlcnJpdG9yeS5jb20vaW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZ2aWV3PWFydGljbGUmaWQ9NDY2NDoyMDExLTA3LTA2LTEzLTI2LTUwJmNhdGlkPTQxOnNlcnZpY2VzJkl0ZW1pZ&r=1 HTTP/1.0" - -
108.62.185.184.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ads.creafi-online-media.com/imp?Z=728x90&s=2885766&T=3&_salt=107120374&B=12&m=2&u=http%3A%2F%2Feconomicccore.com%2Findex.php%3Foption%3Dcom_content%26view%3Dcategory%26layout%3Dblog%26id%3D48%26Itemid%3D98%26limitstart%3D45&r=1 HTTP/1.0" - -
    bye
    bye
    bye
    connect to ad.adserverplus.com:80
    connect to ad.yieldmanager.com:80
    connect to ad.tagjunction.com:80
    bye
108.62.75.252.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=728x90&section=3213387&pub_url=${PUB_URL} HTTP/1.0" - -
    bye
    connect to ad.tagjunction.com:80
    bye
    connect to ad.yieldmanager.com:80
173.208.94.29 - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/st?ad_type=iframe&ad_size=728x90&section=3006024&pub_url=${PUB_URL} HTTP/1.0" - -
23.19.31.84.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=2586703&_salt=2905995697&B=12&m=2&r=1 HTTP/1.0" - -
oxx-ef-Words.ipwagon.net - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=0x0&y=29&s=3630499&_salt=4037530564&B=12&m=2&r=1 HTTP/1.0" - -
142.91.185.53.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=0x0&y=29&s=3512541&_salt=1134875077&B=12&m=2&r=1 HTTP/1.0" - -
    connect to ad.globe7.com:80
108.177.187.37.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=3168350&T=3&_salt=548860046&B=12&m=2&u=http%3A%2F%2Flifehealthyliving.com%2Findex.php%3Fview%3Darticle%26catid%3D34%253Ahealthy-food%26id%3D4681%253A2012-05-16-20-40-19%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D%26option%3Dcom_content%26Itemid%3D53&r=1 HTTP/1.0" - -
    connect to ad.adserverplus.com:80
    bye
    connect to ads.creafi-online-media.com:80
108.177.223.180.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=300x250&s=3331290&T=3&_salt=1270334669&B=12&m=2&u=http%3A%2F%2Fwww.vegls.com%2Faccident-attorneys-firms%2Fauto-accident-attorney%2Ffind-the-correct-auto-accident-attorney.html&r=1 HTTP/1.0" - -
    bye
142.91.185.38.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/st?ad_type=iframe&ad_size=160x600&section=818253 HTTP/1.0" - -
    connect to ad.yieldmanager.com:80
    bye
    bye
    bye
108.62.75.230.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ads.creafi-online-media.com/st?ad_type=pop&ad_size=0x0&section=3323456&banned_pop_types=29&pop_times=1&pop_frequency=86400&pub_url=${PUB_URL} HTTP/1.0" - -
    connect to ad.adserverplus.com:80
    bye
    connect to ad.adserverplus.com:80
    bye
142.91.217.194.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=3068801&T=3&_salt=1246107431&B=12&m=2&u=http%3A%2F%2Fmoodoffashionandbeauty.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D756%3A2011-07-13-13-13-43%26catid%3D36%3Afashion-clothes%26Itemid%3D55&r=1 HTTP/1.0" - -
    connect to ad.smxchange.com:80
108.62.185.235.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250&section=3307618&pub_url=${PUB_URL} HTTP/1.0" - -
    connect to ad.globe7.com:80
    bye
    connect to ad.yieldmanager.com:80
    bye
    bye
    connect to ad.adserverplus.com:80
    connect to ad.yieldmanager.com:80
    connect to ad.adserverplus.com:80
    connect to ad.yieldmanager.com:80
108.177.168.183.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/imp?Z=300x250&s=3582877&T=3&_salt=3271923155&B=12&m=2&u=http%3A%2F%2Fwomenhealthroad.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D5780%3A2011-12-12-16-56-53%26catid%3D40%3Ahealth-issues%26Itemid%3D96&r=1 HTTP/1.0" - -
23.19.3.100.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=2895969&T=3&_salt=207805714&B=12&m=2&u=http%3A%2F%2Feconomicccore.com%2Findex.php%3Fview%3Darticle%26catid%3D46%253Aeconomic-news%26id%3D6079%253A2011-09-29-07-39-13%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D96&r=1 HTTP/1.0" - -
    bye
142.91.199.212.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250&section=2956039&pub_url=${PUB_URL} HTTP/1.0" - -
    bye
142.91.189.169.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=3004691&T=3&_salt=2747591679&B=12&m=2&u=http%3A%2F%2Fwww.qtsfinancial.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D5406%3Afinancial-statement-english-page%26catid%3D43%3Afinancial-analysis%26Itemid%3D99&r=1 HTTP/1.0" - -
    connect to ad.adserverplus.com:80
23.19.31.58.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3323560&_salt=3172064457&B=12&m=2&r=1 HTTP/1.0" - -
    connect to ad.adserverplus.com:80
iei-ix-Words.ipwagon.net - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=728x90&s=3187813&T=3&_salt=1110944041&B=12&m=2&u=http%3A%2F%2Fwww.workinhouses.com%2Fhtml%2Fwallingford-ct-connecticuts-best-places-for-your-home.html&r=1 HTTP/1.0" - -
    connect to cookex.amp.yahoo.com:80
173.208.94.116 - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250&section=3213592&pub_url=${PUB_URL} HTTP/1.0" - -
    bye
    bye
    connect to ad.yieldmanager.com:80
    connect to ads.creafi-online-media.com:80
    bye
108.62.75.99.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=160x600&s=2913321&T=3&_salt=333033369&B=12&m=2&u=http%3A%2F%2Ffashionstreetlight.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D28850%3A2011-12-20-12-59-39%26catid%3D45%3Afashion-accessories%26Itemid%3D101&r=1 HTTP/1.0" - -
    bye
142.91.217.208.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://cookex.amp.yahoo.com/v2/cexposer/SIG=18kthu27g/*http%3A//ad.yieldmanager.com/imp?Z=300x250&s=2682517&T=3&_salt=1378331643&B=12&m=2&u=http%3A%2F%2Fwww.economicwindows.com%2Findex.php%3Fview%3Darticle%26catid%3D40%253Afinancial-info%26id%3D3854%253A2011-07-06-13-25-37%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D96&r=1 HTTP/1.0" - -
    bye
    bye
    bye
108.62.185.228.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3315448&_salt=4241487555&B=12&m=2&r=1 HTTP/1.0" - -
108.62.185.220.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ads.creafi-online-media.com/st?ad_type=iframe&ad_size=728x90&section=3269968 HTTP/1.0" - -
    connect to ad.tagjunction.com:80
    bye
    connect to ad.globe7.com:80
    bye
142.91.185.47.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/st?ad_type=pop&ad_size=0x0&section=2958317&banned_pop_types=29&pop_times=1&pop_frequency=0&pub_url=${PUB_URL} HTTP/1.0" - -
    bye
108.177.168.183.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/imp?Z=160x600&s=3582877&T=3&_salt=1313872999&B=12&m=2&u=http%3A%2F%2Fwomenhealthroad.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D5753%3A2011-12-12-16-56-46%26catid%3D40%3Ahealth-issues%26Itemid%3D96&r=1 HTTP/1.0" - -
    connect to ad.tagjunction.com:80
    bye
    connect to ad.globe7.com:80
    bye
    connect to ad.adserverplus.com:80
108.62.75.53.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=300x250&s=3127172&T=3&_salt=2152278771&B=12&m=2&u=http%3A%2F%2Fwww.oslims.com%2Ffashion-coffee%2Ffashion-slimming-coffee%2Fso-whats-your-poison-coffee-or-tea.html&r=1 HTTP/1.0" - -
    connect to ad.yieldmanager.com:80
    bye
    bye
108.62.75.170.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=0x0&y=29&s=2909210&_salt=1773835502&B=12&m=2&r=1 HTTP/1.0" - -
23.19.79.3.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/st?ad_type=iframe&ad_size=728x90&section=3571505&pub_url=${PUB_URL} HTTP/1.0" - -
142.91.217.216.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3630472&T=3&_salt=462936220&B=12&m=2&u=http%3A%2F%2Fwww.economicwindows.com%2Findex.php%3Fview%3Darticle%26catid%3D41%253Afinancial-services%26id%3D4854%253A2011-07-06-13-26-56%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D%26option%3Dcom_content%26Itemid%3D97&r=1 HTTP/1.0" - -
    connect to ad.yieldmanager.com:80
    connect to ad.adserverplus.com:80
    connect to ad.yieldmanager.com:80
    bye
    connect to ad.yieldmanager.com:80
    bye
    connect to ad.yieldmanager.com:80
142.91.189.176.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3187822&T=3&_salt=325267799&B=12&m=2&u=http%3A%2F%2Feconomysea.com%2Findex.php%3Foption%3Dcom_mailto%26tmpl%3Dcomponent%26link%3DaHR0cDovL2Vjb25vbXlzZWEuY29tL2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRlbnQmdmlldz1hcnRpY2xlJmlkPTYzNDk6MjAxMS0wOS0yOC0yMC0wNC0xOSZjYXRpZD00NzplY29ub21pYy1uZXdzJkl0ZW1pZD05Nw&r=1 HTTP/1.0" - -
    connect to ad.adserverplus.com:80
142.91.190.240.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=2956040&T=3&_salt=3354730349&B=12&m=2&u=http%3A%2F%2Fdomarketings.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D279%3AWhy-Contractor-Leads-Are-Best-For-Getting-Ideal-Construction-Prospects%26catid%3D2%3Abusiness&r=1 HTTP/1.0" - -
    bye
108.62.75.6.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3323456&T=3&_salt=1244915826&B=12&m=2&u=http%3A%2F%2Fdomarketings.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D989%3AThe-Basics-of-Failure-Mode-and-Effective-Analysis%26catid%3D2%3Abusiness&r=1 HTTP/1.0" - -
    bye
142.91.217.220.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=2921135&T=3&_salt=1337464905&B=12&m=2&u=http%3A%2F%2Financezone.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D7236%3A2011-09-05-19-56-54%26catid%3D49%3Acareer-banking%26Itemid%3D99&r=1 HTTP/1.0" - -
    bye
    connect to ad.yieldmanager.com:80
108.62.178.229.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=160x600&section=3168350&pub_url=${PUB_URL} HTTP/1.0" - -
    connect to ad.yieldmanager.com:80
108.177.168.187.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.smxchange.com/st?ad_type=iframe&ad_size=300x250&section=3285387&pop_nofreqcap=1&pub_url=${PUB_URL} HTTP/1.0" - -
skg-wr-Words.ipwagon.net - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3153972&_salt=3512711469&B=12&m=2&r=1 HTTP/1.0" - -
    bye
    connect to ad.yieldmanager.com:80
    bye
    connect to ad.yieldmanager.com:80
mx1.u4gf.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=2959021&T=3&_salt=1516586745&B=12&m=2&u=http%3A%2F%2Fsunshinefelling.com%2Findex.php%3Fview%3Darticle%26catid%3D45%253Aplus-size-dresses%26id%3D7512%253A2012-01-25-22-42-00%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D101&r=1 HTTP/1.0" - -

2 ответа2

2

netstat -p (в linux - должен содержать список подключений и программ для этого подключения. Затем вы можете сопоставить это с вашими журналами или информацией whois на хостах, чтобы выяснить, какие соединения существуют, и какие программы их вызывают.

Если это внешнее соединение - например, если вы случайно оставили tinyproxy без каких-либо ограничений на доступ к нему, netstat не будет таким полезным. В этом случае рассмотрите возможность установки блоков allow и deny на tinyproxy соответствующим образом.

1

TinyProxy уже сообщает вам, что трафик идет через порт 80, поэтому я бы сделал это:

lsof -i tcp:80

который покажет все процессы, использующие порт 80.

Всё ещё ищете ответ? Посмотрите другие вопросы с метками .