Windows XP help - What's using my bandwidth?

PCbanter (http://www.pcbanter.net/index.php)

- Windows 7 Forum (http://www.pcbanter.net/forumdisplay.php?f=48)

- - What's using my bandwidth? (http://www.pcbanter.net/showthread.php?t=1107030)

What's using my bandwidth?

I think this is a FAQ, but I can't remember the A if there is one .. (-:

I use bitMeter2 with the audio feedback turned on; I know this would
drive most people nuts, but each to his own. It alerts me to unusual
activity.

Of late, I've noticed something is using my bandwidth to a TINY but
fairly consistent extent: I have BM2 set to alert every 100 kB, and it's
doing so about every 28-30 seconds - as you can see, very low level, but
higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4
outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is
a sample grab (red is incoming, green outgoing [shows as yellow where
coincident with incoming]) - as you can see, we're not talking huge data
volumes here!

I've turned off everything _I_ can think of that might be causing it, to
no effect. Eventually, random sniping in Task Manager, I found one of
the svchost instances (there are currently 13 of them, all belonging to
"User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is
responsible, but I'm none the wiser of course. And killing it, it
reappears after a few tens of seconds. But obviously I don't want to go
just killing random processes in TM.

Being less paranoid than some here, I'm not too _worried_ - at such a
low rate, it's not exactly looting my pron collection, and it's more
incoming than outgoing anyway, which makes me _doubt_ it's some sort of
security probing. I'm just _curious_ as to what it is - and I feel that
surely it must be a common wonderment, and I'd have thought there must
be some way simpler than using Wireshark or Process Explorer to answer
the simple question in the subject.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Norman Tebbitt has the irritating quality of being much nicer in person than
he is in print. - Clive Anderson, RT 1996/10/12-18

What's using my bandwidth?

J. P. Gilliver (John) wrote:
I think this is a FAQ, but I can't remember the A if there is one .. (-:

I use bitMeter2 with the audio feedback turned on; I know this would
drive most people nuts, but each to his own. It alerts me to unusual
activity.

Of late, I've noticed something is using my bandwidth to a TINY but
fairly consistent extent: I have BM2 set to alert every 100 kB, and it's
doing so about every 28-30 seconds - as you can see, very low level, but
higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4
outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is
a sample grab (red is incoming, green outgoing [shows as yellow where
coincident with incoming]) - as you can see, we're not talking huge data
volumes here!

I've turned off everything _I_ can think of that might be causing it, to
no effect. Eventually, random sniping in Task Manager, I found one of
the svchost instances (there are currently 13 of them, all belonging to
"User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is
responsible, but I'm none the wiser of course. And killing it, it
reappears after a few tens of seconds. But obviously I don't want to go
just killing random processes in TM.

Being less paranoid than some here, I'm not too _worried_ - at such a
low rate, it's not exactly looting my pron collection, and it's more
incoming than outgoing anyway, which makes me _doubt_ it's some sort of
security probing. I'm just _curious_ as to what it is - and I feel that
surely it must be a common wonderment, and I'd have thought there must
be some way simpler than using Wireshark or Process Explorer to answer
the simple question in the subject.

You could use TCPView and sort by transmitted or received packet count.
To make the culprit float to the top.

https://docs.microsoft.com/en-us/sys...nloads/tcpview

Run Process Explorer as Administrator. This no longer runs
in WinXP, but should work on later OSes. In particular, you
can "sort by PID", highlight a service host and do Properties,
and see what's running in the thread view perhaps.

https://docs.microsoft.com/en-us/sys...ocess-explorer

This kinda crap happens in Windows 10, and may be tied to
Delivery Optimization ("dosvc"). While Windows 10 initially
might have used BITS for every download purpose, the "dosvc"
is like a Torrent, and allows one Windows 10 machine to
share files with another Windows 10 machine. I don't think
these have been ported to Windows 7.

I have a test setup for Windows 10, where I use GPEDIT to
disable "dosvc" and that's supposed to cause all downloads
to switch to BITS. The advantage of doing that, might be
that BITS has more manageable router behavior (can engineer
hog-stopping on BITS via limiting the max connections).
However, after the test setup was switched to BITS, the
OS "refuses" to do updates :-)

Anyway, enjoy your new hobby. I've always enjoyed the IP
addresses that don't reverse-translate and so on. With
that sort of thing present, who would possibly end up with
a paranoia ? The machine should always have unchartable
activities going on, just to "keep you awake".

Paul

What's using my bandwidth?

On Sat, 05 Jan 2019 06:10:51 -0500, Paul
wrote:

J. P. Gilliver (John) wrote:
I think this is a FAQ, but I can't remember the A if there is one .. (-:

I use bitMeter2 with the audio feedback turned on; I know this would
drive most people nuts, but each to his own. It alerts me to unusual
activity.

Of late, I've noticed something is using my bandwidth to a TINY but
fairly consistent extent: I have BM2 set to alert every 100 kB, and it's
doing so about every 28-30 seconds - as you can see, very low level, but
higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4
outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is
a sample grab (red is incoming, green outgoing [shows as yellow where
coincident with incoming]) - as you can see, we're not talking huge data
volumes here!

I've turned off everything _I_ can think of that might be causing it, to
no effect. Eventually, random sniping in Task Manager, I found one of
the svchost instances (there are currently 13 of them, all belonging to
"User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is
responsible, but I'm none the wiser of course. And killing it, it
reappears after a few tens of seconds. But obviously I don't want to go
just killing random processes in TM.

Being less paranoid than some here, I'm not too _worried_ - at such a
low rate, it's not exactly looting my pron collection, and it's more
incoming than outgoing anyway, which makes me _doubt_ it's some sort of
security probing. I'm just _curious_ as to what it is - and I feel that
surely it must be a common wonderment, and I'd have thought there must
be some way simpler than using Wireshark or Process Explorer to answer
the simple question in the subject.

You could use TCPView and sort by transmitted or received packet count.
To make the culprit float to the top.

https://docs.microsoft.com/en-us/sys...nloads/tcpview

Run Process Explorer as Administrator. This no longer runs
in WinXP, but should work on later OSes. In particular, you
can "sort by PID", highlight a service host and do Properties,
and see what's running in the thread view perhaps.

I have a Process Explorer running on my XP, it's version 11.13,
probably ancient. I don't seem to be able to 'sort on PID' with it. I
still have the zip file it came in if it's of any use to anyone.

https://docs.microsoft.com/en-us/sys...ocess-explorer

This kinda crap happens in Windows 10, and may be tied to
Delivery Optimization ("dosvc"). While Windows 10 initially
might have used BITS for every download purpose, the "dosvc"
is like a Torrent, and allows one Windows 10 machine to
share files with another Windows 10 machine. I don't think
these have been ported to Windows 7.

I have a test setup for Windows 10, where I use GPEDIT to
disable "dosvc" and that's supposed to cause all downloads
to switch to BITS. The advantage of doing that, might be
that BITS has more manageable router behavior (can engineer
hog-stopping on BITS via limiting the max connections).
However, after the test setup was switched to BITS, the
OS "refuses" to do updates :-)

Anyway, enjoy your new hobby. I've always enjoyed the IP
addresses that don't reverse-translate and so on. With
that sort of thing present, who would possibly end up with
a paranoia ? The machine should always have unchartable
activities going on, just to "keep you awake".

Paul

What's using my bandwidth?

In message , Paul in Houston TX
writes:
J. P. Gilliver (John) wrote:
[]
and I feel that surely it must be a common wonderment, and I'd have
thought there must be
some way simpler than using Wireshark or Process Explorer to answer
the simple question in
the subject.

Probably just a loopback from your router/modem or another comp on your
network.
Install Wireshark and see. http://www.wireshark.org

I was hoping NOT to have to use wireshark.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Hadrian's Wall has never been a border between Scotland and England. It lies
entirely within England but, when it was built in AD 122 by the Romans as a
defence against the raiding Picts, the future English were still in Germany
and the Scottish were still in Ireland.
- Michael Cullen, Skye, in RT 2014/12/6-12