When you need to identify which device on your local network is generating a specific data flow, you can check netfilter's temporary connection-tracking storage: the /proc/net/ip_conntrack file.

This applies to most Linux-based systems; in this particular case the output is from a Debian Wheezy system.

 cat /proc/net/ip_conntrack

The expected output will be:

tcp      6 11 TIME_WAIT src=192.168.0.110 dst=2.20.113.224 sport=57691 dport=80 src=2.20.113.224 dst=81.196.37.227 sport=80 dport=57691 [ASSURED] mark=0 use=2
tcp      6 107 TIME_WAIT src=192.168.0.110 dst=64.15.112.150 sport=57750 dport=443 src=64.15.112.150 dst=81.196.37.227 sport=443 dport=57750 [ASSURED] mark=0 use=2
tcp      6 431974 ESTABLISHED src=192.168.0.60 dst=2.22.61.33 sport=64503 dport=443 src=2.22.61.33 dst=81.196.37.227 sport=443 dport=64503 [ASSURED] mark=0 use=2
tcp      6 431478 ESTABLISHED src=192.168.0.110 dst=65.54.167.17 sport=53570 dport=12350 src=65.54.167.17 dst=81.196.37.227 sport=12350 dport=53570 [ASSURED] mark=0 use=2
tcp      6 431974 ESTABLISHED src=192.168.0.60 dst=2.22.61.33 sport=64501 dport=443 src=2.22.61.33 dst=81.196.37.227 sport=443 dport=64501 [ASSURED] mark=0 use=2
udp      17 3 src=192.168.0.60 dst=192.168.0.253 sport=55967 dport=53 src=192.168.0.253 dst=192.168.0.60 sport=53 dport=55967 mark=0 use=2
tcp      6 431962 ESTABLISHED src=192.168.0.80 dst=157.56.192.94 sport=49837 dport=443 src=157.56.192.94 dst=81.196.37.227 sport=443 dport=49837 [ASSURED] mark=0 use
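
To answer the "which device" question from this output, the following added example (not part of the original post) counts flows per originating host for a given destination port, reading only the first src=/dst=/dport= of each entry, because the second set is the reply tuple and here carries 81.196.37.227 instead of the LAN address. The function names `conntrack_by_source` and `sample_conntrack` are hypothetical, the sample lines are copied from the output above, and the parser assumes the ip_conntrack line layout shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lines are copied from
# the output shown above so the script runs without a live conntrack table.
sample_conntrack() {
    cat <<'EOF'
tcp      6 11 TIME_WAIT src=192.168.0.110 dst=2.20.113.224 sport=57691 dport=80 src=2.20.113.224 dst=81.196.37.227 sport=80 dport=57691 [ASSURED] mark=0 use=2
tcp      6 107 TIME_WAIT src=192.168.0.110 dst=64.15.112.150 sport=57750 dport=443 src=64.15.112.150 dst=81.196.37.227 sport=443 dport=57750 [ASSURED] mark=0 use=2
tcp      6 431974 ESTABLISHED src=192.168.0.60 dst=2.22.61.33 sport=64503 dport=443 src=2.22.61.33 dst=81.196.37.227 sport=443 dport=64503 [ASSURED] mark=0 use=2
tcp      6 431478 ESTABLISHED src=192.168.0.110 dst=65.54.167.17 sport=53570 dport=12350 src=65.54.167.17 dst=81.196.37.227 sport=12350 dport=53570 [ASSURED] mark=0 use=2
tcp      6 431974 ESTABLISHED src=192.168.0.60 dst=2.22.61.33 sport=64501 dport=443 src=2.22.61.33 dst=81.196.37.227 sport=443 dport=64501 [ASSURED] mark=0 use=2
udp      17 3 src=192.168.0.60 dst=192.168.0.253 sport=55967 dport=53 src=192.168.0.253 dst=192.168.0.60 sport=53 dport=55967 mark=0 use=2
EOF
}

# Usage: conntrack_by_source <dport> [dst-ip] < /proc/net/ip_conntrack
# Prints one line per originating host: "<src> flows=N established=M".
conntrack_by_source() {
    awk -v want_port="$1" -v want_dst="${2:-}" '
    {
        src = ""; dst = ""; dport = ""; state = "-"
        # TCP entries carry a state in field 4; UDP entries go straight to src=.
        if ($4 !~ /=/) state = $4
        # Keep only the FIRST src=/dst=/dport= (original direction).
        # The later ones belong to the reply tuple (post-NAT addresses).
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (src == "" || dport != want_port) next
        if (want_dst != "" && dst != want_dst) next
        count[src]++
        if (state == "ESTABLISHED") est[src]++
    }
    END {
        for (s in count)
            printf "%s flows=%d established=%d\n", s, count[s], est[s] + 0
    }' | LC_ALL=C sort
}

# Which LAN hosts currently have tracked flows to port 443?
sample_conntrack | conntrack_by_source 443
```

On a live system, feed the function from the file directly: `conntrack_by_source 443 < /proc/net/ip_conntrack`, optionally adding a destination IP as the second argument.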
