I have a problem. Almost every day (usually between 2 - 5 a.m.) some unknown program generates many gigabytes of network traffic on a Linux server. How can I figure out which program it is? Maybe there is some daemon logger that can log its execution?
Thanks everyone)) The issue was solved.
You can install nethogs and use:
nethogs -t -d 100 eth0 > log.txt
-d 100 is a delay of 100 seconds between each write.
-t is trace mode.
eth0 is the interface name.
It will mention the PID and IP address and how much they receive and send.
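To turn the resulting log.txt into a ranked list of suspects, the following added example (not part of the original answer) sums the trace output per process. It assumes each trace line has the layout program/pid/uid<TAB>sent<TAB>received with rates in KB/s. The function names and the sample log are constructed for illustration, and the totals are rough estimates that treat each rate as constant for the whole refresh delay.

```python
from collections import defaultdict

# Constructed sample of `nethogs -t` output (not captured from a real host).
SAMPLE_LOG = """\
Refreshing:
/usr/sbin/sshd/812/0\t0.5\t0.25
/usr/bin/rsync/4021/1001\t2048.0\t16.0
unknown TCP/0/0\t0\t0

Refreshing:
/usr/bin/rsync/4021/1001\t4096.0\t32.0
/usr/sbin/sshd/812/0\t0.25\t0.25
"""

def parse_trace(text):
    """Yield (program, pid, uid, sent_kbps, recv_kbps) for each process line."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue  # "Refreshing:" markers, blank lines, banners
        ident = fields[0].rsplit("/", 2)  # the program path itself contains '/'
        if len(ident) != 3:
            continue
        try:
            yield (ident[0], int(ident[1]), int(ident[2]),
                   float(fields[1]), float(fields[2]))
        except ValueError:
            continue  # truncated or malformed line

def top_talkers(text, delay_s=100):
    """Rank processes by estimated KB moved (rate * refresh delay, assumed)."""
    totals = defaultdict(lambda: [0.0, 0.0])
    for prog, pid, uid, sent, recv in parse_trace(text):
        totals[(prog, pid, uid)][0] += sent * delay_s
        totals[(prog, pid, uid)][1] += recv * delay_s
    rows = [(k[0], k[1], k[2], v[0], v[1]) for k, v in totals.items()]
    return sorted(rows, key=lambda r: r[3] + r[4], reverse=True)

if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("log.txt").read() to analyse a real capture.
    for prog, pid, uid, sent_kb, recv_kb in top_talkers(SAMPLE_LOG):
        print(f"{prog} pid={pid} uid={uid} "
              f"sent~{sent_kb:.0f}KB recv~{recv_kb:.0f}KB")
```

The trace output carries no timestamps, so to tie a spike to the 2 - 5 a.m. window the capture has to be started and stopped around that window or timestamped by other means.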