If you can get access to your Veer's commandline, there should be a tool already in place. At least it's present in my Pre+ webOS 2.1, and I don't think I have installed it by myself.
(eth0 should do for wifi; for cellular data try ppp0 instead). You'll see many lines similar to:
tcpdump -i eth0 -p tcp or udp
; look for columns 3-5 -- "192.168.0.122.57232 > 192.168.0.192.ssh" and "192.168.0.192.ssh > 192.168.0.122.57232" in above example. Here they show traffic between 192.168.0.122 (my Pre) port 57232 and 192.168.0.192 (my laptop) port SSH.
20:34:13.758483 IP 192.168.0.192.ssh > 192.168.0.122.57232: S 205419010:205419010(0) ack 230516353 win 5792 <mss 1460,sackOK,timestamp 7337461[|tcp]>
20:34:13.765106 IP 192.168.0.122.57232 > 192.168.0.192.ssh: . ack 1 win 115 <nop,nop,timestamp 151591009 7337461>
20:34:13.773376 IP 192.168.0.122.57232 > 192.168.0.192.ssh: P 1:22(21) ack 1 win 115 <nop,nop,timestamp 151591012 7337461>
20:34:13.773529 IP 192.168.0.192.ssh > 192.168.0.122.57232: . ack 22 win 181 <nop,nop,timestamp 7337494 151591012>
For such massive traffic you should clearly see one host showing in majority of lines (the one that shows in ALL of them is your Veer ). This will be the host your mysterious traffic is flowing to, and port will most probably indicate what service (WWW? SIP? ...) it is. If the case still remains unclear, you can show few relevant lines here.
To identify sending process, see output of -- look for for the same hostort combination in "Foreing address" column; last column ("PID/Program name") shows what program talks to remote host. But, due to webOS architecture, you'll most probably see just LunaSysMgr...
You can also see what data are sent; use
(or ppp0 insted of eth0) -- if the traffic is not encrypted, you'll see what is being sent. But DON'T show this output in public -- there may be personal/confidential information, even if it's not visible at a glance.
tcpdump -i eth0 -p -s0 -A tcp or udp