Results 1 to 6 of 6
Like Tree2Likes
  • 2 Post By briest
  1.    #1  
    Hi, all,

    I have a problem with a Veer running 2.1.2. The phone is sending out tremendous amounts of data, big 30MB+ chunks every 15min to an hour - when no apps are active.

    More details in this Veer Forum post:

    My question to the experts here is:

    How can I monitor data traffic in 2.1.2? Better yet, monitor and find which application is sending?
    I saw the thread on NetStat app, but the discussion was that it is not stable in 2.x.
    Anything else to let me find what is spitting out all that data from the phone?

    Also, what is a reliable way to stop database backups? This is on the suspicion that the phone is attempting to backup something and crashes - although I am not convinced; the outbound traffic is in the range of 1GB in a day!.

    Thanks for any suggestions. Robert.
  2. briest's Avatar
    137 Posts
    Global Posts
    138 Global Posts
    If you can get access to your Veer's commandline, there should be a tool already in place. At least it's present in my Pre+ webOS 2.1, and I don't think I have installed it by myself.

    Just try
    tcpdump -i eth0 -p tcp or udp
    (eth0 should do for wifi; for cellular data try ppp0 instead). You'll see many lines similar to:
    20:34:13.758483 IP > S 205419010:205419010(0) ack 230516353 win 5792 <mss 1460,sackOK,timestamp 7337461[|tcp]>
    20:34:13.765106 IP > . ack 1 win 115 <nop,nop,timestamp 151591009 7337461>
    20:34:13.773376 IP > P 1:22(21) ack 1 win 115 <nop,nop,timestamp 151591012 7337461>
    20:34:13.773529 IP > . ack 22 win 181 <nop,nop,timestamp 7337494 151591012>
    ; look for columns 3-5 -- " >" and " >" in above example. Here they show traffic between (my Pre) port 57232 and (my laptop) port SSH.

    For such massive traffic you should clearly see one host showing in majority of lines (the one that shows in ALL of them is your Veer ). This will be the host your mysterious traffic is flowing to, and port will most probably indicate what service (WWW? SIP? ...) it is. If the case still remains unclear, you can show few relevant lines here.

    To identify sending process, see output of
    netstat -ptu
    -- look for for the same hostort combination in "Foreing address" column; last column ("PID/Program name") shows what program talks to remote host. But, due to webOS architecture, you'll most probably see just LunaSysMgr...

    You can also see what data are sent; use
    tcpdump -i eth0 -p -s0 -A tcp or udp
    (or ppp0 insted of eth0) -- if the traffic is not encrypted, you'll see what is being sent. But DON'T show this output in public -- there may be personal/confidential information, even if it's not visible at a glance.
  3.    #3  
    Man, you are brilliant!
    I think I found my problem. I am not sure yet why, but I know what is spitting out the data.

    Per your advice, I ran Linux terminal on the Veer, from my PC via WebOS Quick-Install. By now, the phone has sent out about a half GB of data since this morning.

    Using "tcpdump -i eth0 -p tcp or udp", I saw blasts of:

    17:56:27.649976 IP > . 26513265:26514713(1448) ack 63 win 46 <nop,nop,timestamp 4066240853 124778>

    and so on.

    Odyssey.nocdirect happens to be the hosting server for my POP3 account (I do have one POP3 and three Gmail accounts set up on the phone). I deleted the POP3 account from the phone. For past two hours, I see the regular bursts of:

    18:11:16.199012 IP vbvbvb-$in$-$f99$.$1e100$.$net$.$www$ &$gt$; $192$.$168$.$1$.$112$.$47802$: $P$ $1419$:$2299$($880$) $ack$ $803$ $win$ $1000$ &$lt$;$nop$,$nop$,$timestamp$ $2993504580$ $213983$&$gt$; is a Google domain - the phone still polls my Goggle account, but there is no data traffic in result.

    Excellent. Now I can experiment to see what happened. Possible thoughts are that the phone-to-server synchronizing process glitched or that something humongous was stuck in the SMTP outbox (though invisible in email app) and the server kept rejecting it after uploads.
    My plan is to restore the account and experiment.

    Thanks again for your help! Robert

    Update: 4 hours since deleting/restoring the POP3 account - still no undesired data traffic. Nice.
    Last edited by rdwalker; 05/10/2013 at 11:31 PM.
  4. #4  
    Is there a remedy for those who are not familiar with Linux terminal and all that gibberish?
    Was sucked into Palm when I bought the glorious Treo650, somehow subsequent phones didn't live up to expectations.
  5. #5  
    Quote Originally Posted by crowning73 View Post
    Is there a remedy for those who are not familiar with Linux terminal and all that gibberish?
    You can also fix the problem by backing up your data and running webos doctor. :-)
  6. #6  
    Hi all, Hi Briest,

    very nice codes!

    I have a question and would be very happy if you could help me!

    I have the same problem like rdwalker and with your codes i found the server
    i am always connected to: . Sync is off. How can i block it?

    Is there maybe a nice code?

    Thanks in advance, Schmunzel

Similar Threads

  1. "u" > "you", how to disable replacement during writing
    By rudej in forum General News & Discussion
    Replies: 2
    Last Post: 01/25/2010, 06:44 PM
  2. storage depot can't ".add" or ".simpleAdd" any data
    By pablosbrain in forum webOS Development
    Replies: 2
    Last Post: 09/29/2009, 04:18 PM
  3. "Find Next" option for Palm global find function
    By mattjh in forum General News & Discussion
    Replies: 0
    Last Post: 09/22/2007, 10:04 PM
  4. Press "C" to find people starts with "C" in my contacts??
    By batmon in forum Palm OS Devices & Apps
    Replies: 4
    Last Post: 03/21/2006, 11:12 PM
  5. "Find" brings up "Dial number" window
    By cloudedvision in forum Palm OS Devices & Apps
    Replies: 2
    Last Post: 12/29/2005, 04:20 AM

Posting Permissions