pythonnetwork-programmingwebsockettrafficunauthorized

How can I find out which program is sending data out, and what the data is?


I have a connection to a websocket server that some python code runs, and after some time (doesn't happen right away), it begins to send massive amounts of data "out" as shown in the screenshot. It's aroudn 4.8 megabytes per second on average. Prior to it starting to do this, it sends maybe 30 kb/s in what I assume is normal operation.

It can add up to hundreds of gigabytes in a day or two, depending on network speeds.

If I kill the original python process that was running and using the websocket client (kill -9 1234), it does not stop the traffic. I'm using Little Snitch for MacOS to obtain this information, and I feel like there is more info available under the surface I should be able to get to find out what's sending/receiving this data and what the data is.

If I terminate iTerm itself, the traffic still doesn't stop. If I launch regular Mac Terminal and do a ps aux | grep iterm I get nothing, and I get the same 4 processes shown in the screen shot if I do a | grep python...

This kind of throughput is really high, it's enough to be streaming my screen, uploading my entire hard drive, etc. or maybe it's just a code bug and it's sending garbage.

The only other relevant things I can think of adding right now are:

I have tried testing this by rebooting and just "not launching" my python code to get the websocket data, and basically I can wait a while and nothing seems to happen, so I think it's only happened after I launch the connection, and then I wait a while.

Sorry, I wish I knew how to get more relevant information for you, but if anyone has a good idea of how I can generate better logs or dig deeper I'd appreciate it.

screenshot of little snitch traffic


Solution

  • Sorry, I wish I knew how to get more relevant information for you, but if anyone has a good idea of how I can generate better logs or dig deeper I'd appreciate it.

    Wireshark will allow you to track all connections and check what is inside the packets.