0

I've been trying to uncover the origin of some network calls, specifically to ip addresss associated with bc.googleusercontent.com

I'm a bit curious why this network activity only happens when using Firefox and from what I've read googleusercontent.com is reported as both a service for individuals outside the google ecosphere for private businesses, etc., as well as being used by google itself.

Using tcpdump on my network adapter and filtering with grep for bc.googlecontent.com isolates the activity, but now I need to dig deeper and find out what service/program etc. is activating these calls.

Strace was recommended, however, it needs the PID which I can't get on a per connection basis or if it happens it's gone quickly so unable to see it. Is there some way to use strace so that it will do the necessary filtering upfront, thereby eliminating all the other activity or better, another linux program I can use to immediately get the name of the program making these connections.

Thank you.

jeffschips
  • 499

1 Answers1

0

set up pihole dns (adblocker). it will 1) block it 2) show you all the relevant request info in a nice pretty screen

docker container? never done it that way - but most do it seems. Especially if just as a temp tool.

using pihole would block the url for every machine that uses it for dns. No machine to machine config required.

This is almost certainly a call to a api-login w/ google credentials, even if blocked on page by some content hider...

or it's the web site code calling out to google for stats, ad info etc. nearly every site does this because there is no such thing as "search engine optimization" anymore. It's all google ad sense and pay for views. So Ii suspect this is what it is most.

Hope that's some what helpful to someone someday!

Nonya
  • 1