Check outgoing network traffic
I would recommend iptraf or
iftop if you don't need that much
functionality. From the iptraf
homepage:
IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts. Features
- An IP traffic monitor that shows information on the IP traffic passing over your network. Includes TCP flag information, packet and byte counts, ICMP details, OSPF packet types.
- General and detailed interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity, packet size counts.
- A TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports
- A LAN statistics module that discovers active hosts and shows statistics showing the data activity on them
- TCP, UDP, and other protocol display filters, allowing you to view only traffic you're interested in.
- Logging
- Supports Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interface types.
- Utilizes the built-in raw socket interface of the Linux kernel, allowing it to be used over a wide range of supported network cards.
- Full-screen, menu-driven operation.
Screenshot of the iptraf main menu:
This is a screenshot if iftop:
You could save the outgoing data using tcpdump, but that is so much (and much of it is encrypted) that it won't be of any real use.
Better than finding out how you were burglarized after the fact is to make burglary harder... check what is installed, make sure it is up to date, delete unneeded stuff, get rid of non-official software (and repositories), configure the local firewall, do not disable SELinux or similar security, use good passwords, be careful with the websites you visit, all the normal hygiene.