Question

What could bring about constant Internet traffic without apparent reason?

By Healer
A Windows XP system, while apparently doing nothing, has Internet traffic received and transmitted of about 15 meg every 30 seconds. That was what it showed on the NetComm NB6 ADSL2+ Router Traffic Statistics. It was discovered when the data usage has gone up lately without apparent reason. One day, after browsing on the Internet for about one and a half hours without any file download, the data usage log went up to 1.5 Gigs. The Windows firewall is on without any unusual exception. The Norton Antivirus and Antispyware has been running on the computer for years. Everything is up to date. The netstat -nao does not show any suspicious connection. The msconfig and task manager do show quite a few things running. However, I can't see any process or application that could have incurred such traffic. There is no wireless connection. Only one computer is connected to the Internet.

Could it be something wrong with what is on the ISP side or the modem/router? The problem seems to have started to happen when the modem/router was replaced a few months ago. How could the modem/router cause such a problem?

All Answers

Do a netstat at the command prompt

by robo_dev In reply to What could bring about co ...

netstat -an
and
netstat -b

My experience is that unexplained traffic is often a virus infection. Netstat -B will show you which process is initiating the connection. If it's an executable module other than the web browser, that can be a sign of virus infection.

Plus, of course, look closely at what outbound connections are being made. If the PC is connecting to a cable-modem in outer Mongolia, that's obviously an issue.

Note that several applications can and do 'phone home' for updates, such as Windows, Java, Adobe, and your Anti-Virus App.

Response To Answer

by Healer In reply to Do a netstat at the comma ...

I just keep getting communications from deploy.akamaitechnologies.com. I have turned off all the updates I can find, including Windows update, disabling Norton Anti-Virus and its live update and so on. For some reason, I can still see Windows update in Wireshark. With all the updates on, I got lots of transmission errors for some reason: Duplicate ACK, Retransmission (suspected).


C:\Documents and Settings\%username%>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 10.0.0.16:139 0.0.0.0:0 LISTENING
TCP 10.0.0.16:1054 125.56.204.104:80 ESTABLISHED
TCP 10.0.0.16:1055 125.56.204.104:80 ESTABLISHED
TCP 10.0.0.16:1056 125.56.204.104:80 ESTABLISHED
TCP 10.0.0.16:1057 125.56.204.104:80 ESTABLISHED
TCP 10.0.0.16:1060 125.56.205.120:80 ESTABLISHED
TCP 127.0.0.1:1025 127.0.0.1:27015 ESTABLISHED
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 127.0.0.1:1025 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:9000 *:*
UDP 0.0.0.0:9001 *:*
UDP 0.0.0.0:61115 *:*
UDP 10.0.0.16:123 *:*
UDP 10.0.0.16:137 *:*
UDP 10.0.0.16:138 *:*
UDP 10.0.0.16:1900 *:*
UDP 10.0.0.16:5353 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1053 *:*
UDP 127.0.0.1:1059 *:*
UDP 127.0.0.1:1900 *:*


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\%username%>netstat -b

Active Connections

Proto Local Address Foreign Address State PID
TCP HOME:1046 a125-56.205-1.deploy.akamaitechnologies.com:http ESTABLISHED 1004
c:\windows\system32\WS2_32.dll
c:\windows\system32\WINHTTP.dll
[svchost.exe]

TCP HOME:1025 localhost:27015 ESTABLISHED 1928
[iTunesHelper.exe]

TCP HOME:27015 localhost:1025 ESTABLISHED 1360
[AppleMobileDeviceService.exe]

Windump output:
20:08:16.020723 IP HOME.1076 > a125-56.205-114.deploy.akamaitechnologies.com.80: P 2875630109:2875630310(201) ack 2223033594 win 65535
20:08:16.032560 IP a125-56.205-114.deploy.akamaitechnologies.com.80 > HOME.1076: . 1:1461(1460) ack 201 win 7504
20:08:16.033032 IP a125-56.205-114.deploy.akamaitechnologies.com.80 > HOME.1076: . 1461:2921(1460) ack 201 win 7504
20:08:16.033096 IP HOME.1076 > a125-56.205-114.deploy.akamaitechnologies.com.80: . ack 2921 win 65535
20:08:16.033371 IP a125-56.205-114.deploy.akamaitechnologies.com.80 > HOME.1076: . 2921:4381(1460) ack 201 win 7504
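
The check suggested in the first answer (tie each connection to its owning process, then look at the ones that leave the machine) can be scripted. The following is an added example, not part of any post in this thread; the function names and the `expected` parameter are hypothetical, and the sample input is the `netstat -b` output from the reply above.

```python
import re
# Sample input: the three entries from the `netstat -b` output posted in the reply above.
SAMPLE = r"""
Proto Local Address Foreign Address State PID
TCP HOME:1046 a125-56.205-1.deploy.akamaitechnologies.com:http ESTABLISHED 1004
c:\windows\system32\WS2_32.dll
c:\windows\system32\WINHTTP.dll
[svchost.exe]

TCP HOME:1025 localhost:27015 ESTABLISHED 1928
[iTunesHelper.exe]

TCP HOME:27015 localhost:1025 ESTABLISHED 1360
[AppleMobileDeviceService.exe]
"""

CONN = re.compile(r"^(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
                  r"\s+(?:(?P<state>\S+)\s+)?(?P<pid>\d+)$")  # State is empty for UDP
OWNER = re.compile(r"^\[(.+)\]$")  # owning executable, e.g. [svchost.exe]

def parse_netstat_b(text):
    """Return one dict per connection with its owning executable and listed modules."""
    records, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            cur = dict(conn.groupdict(), modules=[], process="unknown")
            records.append(cur)
        elif cur and owner:
            cur["process"] = owner.group(1)
        elif cur and line:
            cur["modules"].append(line)  # DLL paths printed between connection and owner
    return records

def is_loopback(endpoint):
    return endpoint.lower().startswith(("localhost:", "127."))

def external_owners(records, expected=()):
    """Map (process, pid) -> remote endpoints for established non-loopback connections."""
    skip = {name.lower() for name in expected}  # processes the caller already accounts for
    found = {}
    for r in records:
        external = r["state"] == "ESTABLISHED" and not is_loopback(r["remote"])
        if external and r["process"].lower() not in skip:
            found.setdefault((r["process"], int(r["pid"])), []).append(r["remote"])
    return found

if __name__ == "__main__":
    print(external_owners(parse_netstat_b(SAMPLE)))
```

In the sample, only svchost.exe (PID 1004) owns a connection that leaves the machine. Because svchost.exe hosts several Windows services, the PID is what to follow up on, for example with `tasklist /svc` where that tool is available.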
