Something is using my network bandwidth

Discussion in 'Software' started by Vpw, Aug 9, 2009.

  1. Vpw

    Vpw Private E-2

    Hello,

    I have been observing this behaviour on my PC (Windows XP, SP2 with BitDefender AV) for the last few days. As soon as I boot it up, I can see some network traffic ongoing at a continuous rate (upload more than download), though I have not run anything. I have Microsoft updates disabled, and afaik nothing else is being automatically updated. I have run a system scan with BitDefender and it has not found anything which has resulted in stopping this.
    I have used Process Monitor and TCPView from Sysinternals but am unable to see/find what/who exactly is using my bandwidth and what data is being sent to whom!!
    Please let me know what I can do to track this down.

    I can see many svchosts running different services and I suspect that someone may have managed to add some registry entries and .dlls which are run with svchost. Let me know what logs I should provide to troubleshoot this.

    thanks.
     
  2. satrow

    satrow Major Geek Extraordinaire

    Start > Run > type "cmd" and hit Enter; in the resulting box, type "netstat -n" (all without quotes). That will give you all current active network connections. F3 and Enter will refresh.

    A little Googling or Whois of the resulting IP entries should help you find the endpoints.
     
  3. Vpw

    Vpw Private E-2

    Thanks for the quick response!

    Thanks. Please see the reply below.

    Thanks. The What Is Transferring shows me, interestingly, that all traffic was only ICMP protocol, it seems to be broadcasting on 255.255.255.255 continuously, with the packets sent with something like:

    08 00 40 E7 02 00 B5 18 00 00 00 00 00 00 00 00
    08 00 3F E7 02 00 B6 18 00 00 00 00 00 00 00 00
    08 00 3E E7 02 00 B7 18 00 00 00 00 00 00 00 00
    ...

    in the first 2 bytes of the header(?) and the rest is all 0's. It seems like the protocol is broadcasting by decrementing the 3rd byte and incrementing the 7th serially. In the ICMP header the first 8 bytes are type and the next 8 are code, so it seems like the Type field is being changed. Why is this happening? Is there some config which I have done incorrectly? The BW monitor shows me almost 80-85 KiB/s which seems quite high (I assume it incorrectly shows kilobits as kB instead of kb, as I have only a 30-35 kBps connection).

    Also, these programs do not show me the processes using these connections.

    TIA for your comments/replies.
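    The three packet lines above decode cleanly as a standard ICMP header. As an added example (not code from this thread), the Python below parses them and shows why the 3rd byte falls as the 7th rises: the checksum covers the whole message, so it must change whenever the sequence number changes. It assumes the dump is the ICMP header plus a zero payload; reading the ID/sequence fields little-endian is an assumption about the sender (Windows' own ping writes them in host byte order).

    ```python
    import struct

    # The three packet lines from the post, re-typed here as constructed sample input.
    SAMPLE_PACKETS = [
        bytes.fromhex("08 00 40 E7 02 00 B5 18 00 00 00 00 00 00 00 00"),
        bytes.fromhex("08 00 3F E7 02 00 B6 18 00 00 00 00 00 00 00 00"),
        bytes.fromhex("08 00 3E E7 02 00 B7 18 00 00 00 00 00 00 00 00"),
    ]

    ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request"}


    def ones_complement_sum(data: bytes) -> int:
        """RFC 1071 one's complement sum of 16-bit words over the whole message.
        For a message with a valid checksum field the result is 0xFFFF."""
        if len(data) % 2:
            data += b"\x00"
        total = 0
        for (word,) in struct.iter_unpack("!H", data):
            total += word
        while total >> 16:  # fold carries back into the low 16 bits
            total = (total & 0xFFFF) + (total >> 16)
        return total


    def parse_icmp(packet: bytes) -> dict:
        """Decode the 8-byte ICMP header (type, code, checksum, id, seq)."""
        if len(packet) < 8:
            raise ValueError("ICMP header is 8 bytes")
        icmp_type, code, checksum, ident_be, seq_be = struct.unpack("!BBHHH", packet[:8])
        # Assumption: the sender wrote id/seq little-endian, as Windows ping does;
        # under that reading the three dumps carry consecutive sequence numbers.
        ident_le, seq_le = struct.unpack("<HH", packet[4:8])
        return {
            "type": icmp_type,
            "type_name": ICMP_TYPES.get(icmp_type, "other"),
            "code": code,
            "checksum": checksum,
            "checksum_ok": ones_complement_sum(packet) == 0xFFFF,
            "ident_le": ident_le,
            "seq_le": seq_le,
        }


    def describe_stream(packets) -> dict:
        """Summarise a run of captures: what they are and whether seq counts by one."""
        decoded = [parse_icmp(p) for p in packets]
        seqs = [d["seq_le"] for d in decoded]
        return {
            "kinds": sorted({d["type_name"] for d in decoded}),
            "all_checksums_valid": all(d["checksum_ok"] for d in decoded),
            "consecutive_seq": all(b - a == 1 for a, b in zip(seqs, seqs[1:])),
        }
    ```

    Valid checksums plus a steadily counting sequence number mean the stream is ordinary echo requests (pings) to the broadcast address, so the question becomes which process is sending them, not whether the bytes are malformed.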
     
  4. markj

    markj Private E-2

    > Also, these programs do not show me the processes using these connections.

    Please try Microsoft Network Monitor. It provides quite extensive output.
     
