UPDATE:
Since nethogs isn't helping you narrow down the cause, I suggest using netstat to view all tcp and udp activity.
Try the following command:
# netstat -atpn
a = is to display all
t = is to display TCP (you should also try with u to display UDP)
p = to display process name for established and listening connections
n = to prevent name resolution since that slows output down.
# netstat -atpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20519/httpd
tcp 0 0 0.0.0.0:19025 0.0.0.0:* LISTEN 15810/sendmail
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1668/sshd
tcp 0 0 23.23.16.41:80 19.15.63.42:60172 TIME_WAIT -
tcp 0 0 23.23.16.41:22 172.218.220.79:58498 ESTABLISHED 30607/sshd
The output will tell you which services are listening for connections (you should disable the ones you do not want), the established sessions, the ones recently closed..etc.. I suspect you will see many with port 80 or port 25 which means your PC has become a proxy server or spam relay. If you do then disable the httpd and email daemons until you can lock them down.