How can I close a root process "unknown TCP" that shows up in nethogs?
I think my box has been pwned and using nethogs I see a root process of "unknown TCP". Can anyone tell me if this is an expected process, what it may be for, and if/how I can close it?
I changed my user password to try and stop this person but I am unsure yet if that is enough.
UPDATE: Now I am also seeing this... so pwned?
The "Nethogs" package will always show a fake process called "unknown TCP", that corresponds to everything it can't identify. Notice that it doesn't have a process ID, and the amount of data is shown as 0, indicating that there isn't any unknown traffic.
Here's the line from the nethogs source code where that line gets initialised:
(Source code download, look in process.cpp)
There's also a bug report on the nethogs sourceforge page explaining that it's normal: http://sourceforge.net/p/nethogs/bugs/17/
The "remote-login-service" process shown is owned by the lightdm user, which is your login screen, and hasn't sent or received any data. I'm not sure if it normally runs by default, but it doesn't seem to be doing anything with the network in the screenshot you posted, so it should also be safe.
http://packages.ubuntu.com/saucy/remote-login-service
So, based on what you've posted, nothing appears to be out of the ordinary and (unless you find other evidence of problems) your computer is most likely secure. If you are truly worried, you could do a fresh install just to be sure.
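
Added example (not part of the original answer, and not nethogs' own code): on Linux, a TCP connection can be tied to a process only when its socket inode in /proc/net/tcp matches a `socket:[inode]` link under some /proc/<pid>/fd, and anything without a match lands in an "unknown" bucket. The script below does that matching for IPv4; the sample table, addresses, inodes and PIDs are constructed, and little-endian byte order is assumed.

```python
import os, re, socket, struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:0016 0202000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 22222 4 0000000000000000 20 4 30 10 -1
   2: 0F02000A:D431 0A0200C0:01BB 06 00000000:00000000 03:00000A3F 00000000     0        0 0 3 0000000000000000
"""
STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}

def decode(hexaddr):
    """'0100007F:0277' -> ('127.0.0.1', 631); IPv4 is printed in host byte order (little-endian assumed)."""
    ip, port = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16)

def parse_tcp(text):
    rows = [l.split() for l in text.splitlines()[1:]]   # skip the header line
    return [{"local": decode(f[1]), "remote": decode(f[2]), "state": STATES.get(f[3], f[3]),
             "uid": int(f[7]), "inode": int(f[9])} for f in rows if len(f) >= 10]

def socket_owners(proc="/proc"):
    """Map socket inode -> pid by reading /proc/<pid>/fd symlinks ('socket:[12345]')."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = int(pid)
        except OSError:   # process exited, or its fd directory is not readable without root
            continue
    return owners

def attribute(conns, owners):
    """Split connections into (owned, unknown); 'unknown' has no matching process socket."""
    owned = [(owners[c["inode"]], c) for c in conns if c["inode"] in owners]
    unknown = [c for c in conns if c["inode"] not in owners]
    return owned, unknown

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    text = open("/proc/net/tcp").read() if live else SAMPLE
    owned, unknown = attribute(parse_tcp(text), socket_owners() if live else {11111: 700, 22222: 812})
    for pid, c in owned: print(pid, c["state"], c["local"], c["remote"])
    for c in unknown: print("unknown", c["state"], c["local"], c["remote"])
```

Run it as root on a live system; without root, other users' fd directories are unreadable and their sockets also show up as unknown. Entries in TIME_WAIT carry inode 0 because the socket is no longer attached to any process, so a non-empty unknown list is not by itself a sign of compromise.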