Linux Lite 7.0 Final Released - See Release Announcement Section



Wireshark detected ongoing traffic on Linux Lite clean installation, "phoning home"


 

trinidad

Congratulations. Your research and effort answered your question. Please mark this as solved.
https://www.linux.com/topic/networking/introduction-ss-command/
TC


All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
 

 

phili

For the new ones reading this: I installed a new clean Linux Lite installation, in a different VM, with internet access from the start, and the answer is that the Canonical UK connection is another NTP protocol one, like the regional NTP protocol one I mentioned before (the "University" server, that's just a server that a university here in my country uses to serve open source NTP connections; you can read more about the NTP initiative on wiki if you're interested). It is a normal connection that some distros or OSes make in order to update their internal clocks correctly.

As an example, sometimes the browsers (such as Chrome, Firefox or Brave) give errors when the internal computer or OS time isn't right, and one of the reasons for it is that the NTP protocol isn't working properly (or sometimes it is just a program that has to be updated, e.g. you have an old version of Chrome or Firefox, etc. and it needs to be updated).

So for that the NTP protocol connection is needed.

There's not a telemetry connection per se, nor a data connection, just a connection to update the internal clock/time.

The reason Debian and Arch don't do it by default (in Arch one has to disable the network first helper connection) is because they do it from time to time, not immediately when one is connected to the internet. There are some advantages and disadvantages to that. But for most people it is important that the OS makes a first NTP connection in order to keep all the programs updated and up and running (mostly the ones that need internet, as in the example I gave previously with the browsers).

Edited 1: In Arch one must first disable the automatic network connection, in order to "not make" any unnecessary outside connections, and in this case most people don't do this, so if you see some outside connections there, it is just a network protocol that you can disable if you want.

TL;DR:

So, case closed: the two outside connections are just NTP protocol connections that are required in all OSes (in this case distros) in order to function properly with the internet and some apps and programs. Some distros make it automatically, some make it just when one opens a browser or presses the update button, or if there are some programmed updates too.
Here are some screenshots of the new installation showcasing the NTP protocol better. So, problem solved.

Edited 1: Linux Lite is one of the first Linux distros that I used for main desktop work (programming stuff), and recently I wanted to install it again to see if I can make it work properly with Docker and stuff. So all this concern comes from a guy that really loves this distro, and it is good to know this distro is doing what it says: it is a stable distro with the minimal Ubuntu stuff needed to work (as is Linux Mint), but personally this distro is easier to follow than Mint, and is easier to use (or it is just preference, idk). Anyway, case solved. See ya.
« Last Edit: January 16, 2024, 03:53:57 PM by phili »
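
An added example, not part of the thread or of Linux Lite: one way to confirm from a capture that a datagram sent to UDP port 123, such as the one to 91.189.91.157 discussed above, is an ordinary 48-byte NTP client request with nothing appended. The payloads are constructed and the names `parse_ntp` and `classify_flow` are hypothetical.

```python
"""Added example: check whether UDP/123 payloads are plain NTP client requests."""
import struct
from dataclasses import dataclass

NTP_PORT = 123
NTP_HEADER_LEN = 48            # fixed NTP header size in bytes
NTP_UNIX_DELTA = 2208988800    # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


@dataclass
class NtpHeader:
    leap: int
    version: int
    mode: int              # 3 = client request, 4 = server reply
    stratum: int
    transmit_unix: float   # transmit timestamp as Unix time
    nonzero_fields: list   # header fields (besides flags/transmit) that carry data
    extra_bytes: int       # bytes after the header (extension fields or MAC)


def parse_ntp(payload: bytes) -> NtpHeader:
    if len(payload) < NTP_HEADER_LEN:
        raise ValueError("shorter than an NTP header")
    names = ("stratum", "poll", "precision", "root_delay", "root_dispersion",
             "reference_id", "reference_ts", "origin_ts", "receive_ts")
    flags, *fields, tx = struct.unpack("!BBbbII4sQQQQ", payload[:NTP_HEADER_LEN])
    nonzero = [n for n, v in zip(names, fields) if v not in (0, b"\x00" * 4)]
    seconds, fraction = tx >> 32, tx & 0xFFFFFFFF
    return NtpHeader(flags >> 6, (flags >> 3) & 7, flags & 7, fields[0],
                     seconds - NTP_UNIX_DELTA + fraction / 2**32,
                     nonzero, len(payload) - NTP_HEADER_LEN)


def classify_flow(proto: str, dst_port: int, payload: bytes) -> str:
    """Label one captured outbound datagram."""
    if proto != "udp" or dst_port != NTP_PORT:
        return "not-ntp"
    try:
        hdr = parse_ntp(payload)
    except ValueError:
        return "port-123-but-not-ntp"
    if hdr.version not in (3, 4) or hdr.mode != 3:
        return "unexpected-version-or-mode"
    if hdr.extra_bytes:
        return "ntp-request-with-extra-data"   # worth a closer look in the capture
    return "plain-ntp-client-request"


# Constructed sample payloads (not taken from the poster's capture).
_TX = struct.pack("!II", 1705420437 + NTP_UNIX_DELTA, 0)
SAMPLE_REQUEST = bytes([0x23]) + bytes(39) + _TX       # LI=0, VN=4, mode=3
SAMPLE_FLOWS = [
    ("91.189.91.157", "udp", 123, SAMPLE_REQUEST),     # address quoted in the thread
    ("192.0.2.10", "udp", 123, SAMPLE_REQUEST + bytes(16)),
    ("192.0.2.11", "udp", 123, b"not an ntp packet"),
    ("192.0.2.12", "tcp", 443, b""),
]

if __name__ == "__main__":
    for dst, proto, port, payload in SAMPLE_FLOWS:
        print(f"{dst}:{port}/{proto} -> {classify_flow(proto, port, payload)}")
```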
 

 

phili

For the new ones reading this: I installed a new clean Linux Lite installation, in a different VM, with internet access from the start, and the answer is that the Canonical UK connection is another NTP protocol one, like the regional NTP protocol one I mentioned before (the regional university server, which here in my country is used to serve the open source NTP protocol). It is a normal connection that some distros or OSes make in order to update their internal clocks correctly.

As an example, sometimes the browsers (such as Chrome, Firefox or Brave) give errors when the internal computer or OS time isn't right, and one of the reasons for it is that the NTP protocol isn't working properly (or sometimes it is just a program that has to be updated, e.g. you have an old version of Chrome or Firefox, etc. and it needs to be updated).

So for that the NTP protocol connection is needed.

There's not a telemetry connection per se, nor a data connection, just a connection to update the internal clock/time.

The reason Debian and Arch don't do it by default (in Arch one has to disable the network first helper connection) is because they do it from time to time, not immediately when one is connected to the internet. There are some advantages and disadvantages to that. But for most people it is important that the OS makes a first NTP connection in order to keep all the programs updated and up and running (mostly the ones that need internet, as in the example I gave previously with the browsers).

Edited 1: In Arch one must first disable the automatic network connection, in order to "not make" any unnecessary outside connections, and in this case most people don't do this, so if you see some outside connections there, it is just a network protocol that you can disable if you want.

TL;DR:

So, case closed: the two outside connections are just NTP protocol connections that are required in all OSes (in this case distros) in order to function properly with the internet and some apps and programs. Some distros make it automatically, some make it just when one opens a browser or presses the update button, or if there are some programmed updates too.
« Last Edit: January 15, 2024, 04:01:37 PM by phili »
 

 

phili

Well you didn't really ask a question but formed it more like an accusation, and one that now clutters the forum, so yes you created a stupid and falsely founded meme with your reference "phoning home". I gave you a simple first step test answer, but did you bother to try changing mirrors and run a new scan? There are very easy ways to track down what's actually connecting to your computer already included in Linux Lite other than wireshark.
TC     

So, you care about the forum but use tough words to make it more friendly? Great stuff man, good job. Read my first post again: there are at least 4 questions in it. I was asking a question, I wasn't accusing per se, and I marked it as a question post (with the question symbol), not an informational one, so even in the type of post I'm indicating it as a question. Now, it isn't my fault that this post can even be deleted (as I mentioned before, I'll be deleting this post if there's no detailed answer), or even the title of the post can be modified if that's what upsets you, except my own comments in it, and your answer just makes it better for the new ones reading it, nice job.

And really, you're apparently not the maintainer of the distro, so why do you answer me? And why are you here to help in a friendly forum if you're not a friendly helper? In this comment there's not a single tough word I used.

And now I simply want to delete all this. If I were a community helper in a distro community, I would certainly at least give a more complete answer to the public, not dry short words. I started, for example, to explain what a mirror is, and why it is important to change it in order to verify if that connection repeats again, and a possible explanation of why the first Canonical UK connection happened in the first place. Reread all your posts, they're all dry, short, unexplained answers.

Good job. Keep up the good work. Even if there's no connection per se, your answers and the words you used are the ones that make this post a not friendly one. Every forum has posts with people in their "ignorance" questioning stuff. And that's not a reason for it.

Note: You can ban me; at least that could be a way to delete this post and delete my profile, if you're still worried about it, which by the way I can't delete (there's no delete profile option in the actions tab-like button in the profile section).
 

 

trinidad

Well you didn't really ask a question but formed it more like an accusation, and one that now clutters the forum, so yes you created a stupid and falsely founded meme with your reference "phoning home". I gave you a simple first step test answer, but did you bother to try changing mirrors and run a new scan? There are very easy ways to track down what's actually connecting to your computer already included in Linux Lite other than wireshark.
TC     
 

 

phili

Try a different mirror. By the way wireshark itself could be causing the connection depending on your actual location. Nothing is phoning home. Stop with the stupid meme.
Quote
I don't understand
You're right you don't. The only thing you can honestly assume is that you're not going to pull a TLD cruncher in a scan without a reason. Most likely location is the issue. Try a different mirror.


TC
Which meme are you talking about, and why are you using tough words? I thought this was a friendly forum in a friendly distro; you guys are doing an excellent job reflecting that to the community. Great job guys.

How is Wireshark connecting to Canonical servers? Can you explain that? I already mentioned that I'm not very knowledgeable in connections stuff, but enough to know what is going in and out, not much about what app or TCP crunch or all those terms that you comment without further explanation. If this is a friendly forum one thinks that people respond with a thorough answer, not dry words, and tough words when a guy questions a little more than the rest.

Great stuff guys, good job.
 

 

trinidad

Try a different mirror. By the way wireshark itself could be causing the connection depending on your actual location. Nothing is phoning home. Stop with the stupid meme.
Quote
I don't understand
You're right you don't. The only thing you can honestly assume is that you're not going to pull a TLD cruncher in a scan without a reason. Most likely location is the issue. Try a different mirror.


TC
« Last Edit: January 14, 2024, 10:27:01 AM by trinidad »
 

 

phili

Quote
What element of Linux lite is Ubuntu providing support?
This command will show the repositories.
Code:
inxi -r
Quote
how were you so sure that any operating system has to be phoning home when it is connected to the internet

Your original query asked for a way to stop ALL outgoing connections from the system.  There can be no outgoing connections if the Internet is not connected.  This would include outgoing telemetry if present, but nothing about telemetry should be inferred.

Quote
I'm trying to understand the online connections of the system
You have the tools to determine exactly what your system is doing.

My original post has an edited section (that I made minutes after the post was sent) clarifying that I wondered about the Canonical one, and there are just two outgoing connections and I said that the NTP one is out of the question; you didn't read well. And even after all these answers you don't know about the Canonical one, you're as clueless as me (from what it seems), yet you answer as if you know it perfectly, yet no clarification at all. Thanks for your dry words, and see ya; don't worry, I'll erase this post. I made it only to know this thing, and as that purpose isn't met, I'm done with it, see ya.
 

 

stevef

Quote
What element of Linux lite is Ubuntu providing support?
This command will show the repositories.
Code:
inxi -r
Quote
how were you so sure that any operating system has to be phoning home when it is connected to the internet

Your original query asked for a way to stop ALL outgoing connections from the system.  There can be no outgoing connections if the Internet is not connected.  This would include outgoing telemetry if present, but nothing about telemetry should be inferred.

Quote
I'm trying to understand the online connections of the system
You have the tools to determine exactly what your system is doing.
clueless
 

 

phili

Quote
So why don't Debian and Arch have a home server connection even when connected to the internet?
Someone who uses debian or arch may be able to help answer this.
Quote
Aren't the Linux Lite updates filtered and provided by the Linux Lite maintainers? Why do they have to be connected directly from Canonical?
Specific Linux Lite software is provided by Linux Lite.  Linux Lite is based on Ubuntu LTS so the canonical repositories provide support for that element of Linux Lite.

What element of Linux Lite is Ubuntu providing support for? If you don't know how Debian and Arch aren't phoning home to their respective servers, how were you so sure that any operating system has to be phoning home when it is connected to the internet, as your phrase "To stop all outgoing connections disconnect the system from the internet." infers in that context?

I'm trying to understand the online connections of the system. I like Linux Lite, it is stable and it just works, but I like to analyze when a system is making connections in order to know which level of privacy it has. I don't really hate even Ubuntu, and I don't have any preferred Linux distro; I just wanted to know how things work in any given Linux distro or OS for that matter.
 

 

stevef

Quote
So why don't Debian and Arch have a home server connection even when connected to the internet?
Someone who uses debian or arch may be able to help answer this.
Quote
Aren't the Linux Lite updates filtered and provided by the Linux Lite maintainers? Why do they have to be connected directly from Canonical?
Specific Linux Lite software is provided by Linux Lite.  Linux Lite is based on Ubuntu LTS so the canonical repositories provide support for that element of Linux Lite.
clueless
 

 

phili

https://about.rdap.org/
https://en.wikipedia.org/wiki/Registration_Data_Access_Protocol
Basically assures against privacy invasion. Good not bad.
TC

I don't understand; do you mean the Canonical UK connection, 91.189.91.157? Is it a protocol to ensure connections are private and filtered?
 

 

phili

Quote
Why is that?
Difficult to be sure with the information provided, could be the canonical server traffic is related to checking for and downloading updates.
How are you identifying the traffic is 'telemetry' ?

Quote
how can i remove those connections?
Consider using an external independent firewall to control traffic.

Quote
some way i can make it very vanilla without any outgoing connections
To stop all outgoing connections disconnect the system from the internet.

So why don't Debian and Arch have a home server connection even when connected to the internet?

About telemetry, read the context: I was talking about snap and Canonical connections.

You mentioned updates as the reason why there are some Canonical connections (UK server of Canonical), but aren't the Linux Lite updates filtered and provided by the Linux Lite maintainers? Why do they have to be connected directly from Canonical?

Edited: also, I was about to send a screenshot but the forum doesn't allow any img format file to be submitted, and to copy and paste all the information.
Edited 2: Sent the screenshot in 7zip format in order to be able to submit it here. Note that I don't talk about the other connections as they're normal local network connections, just the one already mentioned (the Canonical one: 91.189.91.157 from the UK server).
« Last Edit: January 13, 2024, 03:08:50 PM by phili »
 

 

trinidad

https://about.rdap.org/
https://en.wikipedia.org/wiki/Registration_Data_Access_Protocol
Basically assures against privacy invasion. Good not bad.
TC
 

 

stevef

Quote
Why is that?
Difficult to be sure with the information provided, could be the canonical server traffic is related to checking for and downloading updates.
How are you identifying the traffic is 'telemetry' ?

Quote
how can i remove those connections?
Consider using an external independent firewall to control traffic.

Quote
some way i can make it very vanilla without any outgoing connections
To stop all outgoing connections disconnect the system from the internet.
clueless
 

 
