I launched an ubuntu-14.04-64bit instance in Amazon EC2 two days back. And I started Tomcat 7.0.54 in that instance and deployed my application war files. It has no other software installed other than tomcat and the default ones. In the past 2 days, its shows 858 GB of Data Transfer(Network Out) from that instance. I have attached a graph of Amazon CloudWatch Metric "Network Out"
My application does not do any data download/upload. Its a Java Spring application and the front end is in HTML&Javascript. My application traffic was very low (less than 20 hits) in those 2 days.
Is there a way to find out why these data transfers happened and also to find what data has been transferred. If you can see in graph, network out was 20gb per minute.
Some more info:
Network in was negligible
CPU Utilization was very high
Everything else was low
Best Answer
As it seems that the traffic is not so rare, try to catch the transfer by some kind of alerting (can it be Amazon one or a custom script).
Then use
netstat, nethogs, ps, tcpdump,etc... to identify the traffic source.