Local Area Network Connection Has Constant Activity?

I have a bit of a problem.

In the last couple of days, my Network connection runs all the time
downloading something or checking something, I'm not sure which but it
seem to have a ton of packets sent and received. But nothing is going
on, most of the time the computer is setting idle - but this activity
just goes on and on. I am running WinXP with all updates, I have a
Local Area Network to also link my laptop to the network via a Linksys
4-Port Router which I have used for quite some time. As I said, this
activity just started in the last couple of days and I cannot figure
out what is causing it or how to fix it.

I have the latest version of Norton Antivirus 2012 running, but have
been using this antivirus program for a number of years without this
problem.

Any thoughts on what might be causing this problem?

Thanks
charliec

"charliec" wrote:

In the last couple of days, my Network connection runs all the time
downloading something or checking something, I'm not sure which but it
seem to have a ton of packets sent and received. But nothing is going
on, most of the time the computer is setting idle - but this activity
just goes on and on. I am running WinXP with all updates, I have a
Local Area Network to also link my laptop to the network via a Linksys
4-Port Router which I have used for quite some time. As I said, this
activity just started in the last couple of days and I cannot figure
out what is causing it or how to fix it.

I have the latest version of Norton Antivirus 2012 running, but have
been using this antivirus program for a number of years without this
problem.

Measured where? At the router or at your computer?

If the activity is at your computer, have you tried to monitor what is
generating the traffic and to where it is going? SysInternals' TCPview
will show you what processes have connections. You can probably
configured it to hide unconnected endpoints (they have unbound yet).
Nirsoft has their SmartSniff and SocketSniff utilities to let you know
what network traffic is received or sent from your computer.
SocketSniff lets you monitor the network traffic for a selected process,
so use TCPview to see which processes have network connections to then
choose one, or more, to monitor with SocketSniff. SmartSniff is a
packet sniffer that lets you monitor all your network traffic. Another
popular packet sniffer is Wireshark. There are lots of network monitor
utilities available at the download sites (download.com, softpedia.com).

If your router has logging, you could turn it on to see to where all
your intranet hosts are connecting. Have you enabled the security
settings inside the router to make sure your neighbors or roaming
hackers aren't using your router? "Linksys 4-port router" tells no one
what you actually have. That doesn't specify a particular model for
anyone, including you, to go read its online manual to find out what
security features it provides.

Do you have UPnP service enabled (http://en.wikipedia.org/wiki/Upnp)?
Is SSDP (http://en.wikipedia.org/wiki/Simple_...overy_Protocol)
service disabled? If not, why not? What hosts or network nodes do you
have that actually support it? What hardware, if any, have you added in
the last few days?

How many wifi nodes, if any, are in your intranet? If none, did you
leave the Wireless Zero Configuration service enabled? For info, see
http://en.wikipedia.org/wiki/Wireles..._Configuration. Do you even
need it if you do have wireless nodes?

On Sat, 28 Jul 2012 20:56:03 -0700, wrote:

I have a bit of a problem.

In the last couple of days, my Network connection runs all the time
downloading something or checking something, I'm not sure which but it
seem to have a ton of packets sent and received. But nothing is going
on, most of the time the computer is setting idle - but this activity
just goes on and on. I am running WinXP with all updates, I have a
Local Area Network to also link my laptop to the network via a Linksys
4-Port Router which I have used for quite some time. As I said, this
activity just started in the last couple of days and I cannot figure
out what is causing it or how to fix it.

You don't mention what problem you're having. If you're just curious
about the traffic, there are some things you can do. Off the top of my
head, and in no particular order:

a)go to Computer Management and expand the Shared Folders branch. Look
at Sessions and Open Files to see if any clues jump out.

b)from a Command Prompt, run "netstat -a" to see what connections are
open.

c)in Task Manager, select the Networking tab and look at the Network
Utilization to see how much traffic is involved.

d)pull the WAN cable from the router to see if the traffic stops. If
it stops, it was LAN-WAN traffic. If it doesn't stop, it's LAN-LAN
(intraLAN) traffic. Not a definitive test, but helps determine where
the endpoints may be.

e)use a packet capture program such as Wireshark to view the actual
traffic. This will allow you to see the source and destination IP's
and ports, the traffic type, and the actual payload. Expect to be
overwhelmed if you haven't been here before.

f)'other' - for everything not mentioned above, including malware
scans with something other than Norton.

Any thoughts on what might be causing this problem?

I'm still not sure what problem you're having. Every LAN has (nearly)
constant activity.

On Sun, 29 Jul 2012 11:43:16 -0500, VanguardLH wrote:

"charliec" wrote:

In the last couple of days, my Network connection runs all the time
downloading something or checking something, I'm not sure which but it
seem to have a ton of packets sent and received. But nothing is going
on, most of the time the computer is setting idle - but this activity
just goes on and on. I am running WinXP with all updates, I have a
Local Area Network to also link my laptop to the network via a Linksys
4-Port Router which I have used for quite some time. As I said, this
activity just started in the last couple of days and I cannot figure
out what is causing it or how to fix it.

I have the latest version of Norton Antivirus 2012 running, but have
been using this antivirus program for a number of years without this
problem.

Measured where? At the router or at your computer?

If the activity is at your computer, have you tried to monitor what is
generating the traffic and to where it is going? SysInternals' TCPview
will show you what processes have connections. You can probably
configured it to hide unconnected endpoints (they have unbound yet).
Nirsoft has their SmartSniff and SocketSniff utilities to let you know
what network traffic is received or sent from your computer.
SocketSniff lets you monitor the network traffic for a selected process,
so use TCPview to see which processes have network connections to then
choose one, or more, to monitor with SocketSniff. SmartSniff is a
packet sniffer that lets you monitor all your network traffic. Another
popular packet sniffer is Wireshark. There are lots of network monitor
utilities available at the download sites (download.com, softpedia.com).

If your router has logging, you could turn it on to see to where all
your intranet hosts are connecting. Have you enabled the security
settings inside the router to make sure your neighbors or roaming
hackers aren't using your router? "Linksys 4-port router" tells no one
what you actually have. That doesn't specify a particular model for
anyone, including you, to go read its online manual to find out what
security features it provides.

Do you have UPnP service enabled (http://en.wikipedia.org/wiki/Upnp)?
Is SSDP (http://en.wikipedia.org/wiki/Simple_...overy_Protocol)
service disabled? If not, why not? What hosts or network nodes do you
have that actually support it? What hardware, if any, have you added in
the last few days?

How many wifi nodes, if any, are in your intranet? If none, did you
leave the Wireless Zero Configuration service enabled? For info, see
http://en.wikipedia.org/wiki/Wireles..._Configuration. Do you even
need it if you do have wireless nodes?

Ak, let me try to take a look at what you offered. The Linksys router
is the BEFSR41 model. I'll start by trying SysInternals' TCPview and
go from there.

charliec

On Sun, 29 Jul 2012 11:43:19 -0500, Char Jackson
wrote:

On Sat, 28 Jul 2012 20:56:03 -0700, wrote:

I have a bit of a problem.

In the last couple of days, my Network connection runs all the time
downloading something or checking something, I'm not sure which but it
seem to have a ton of packets sent and received. But nothing is going
on, most of the time the computer is setting idle - but this activity
just goes on and on. I am running WinXP with all updates, I have a
Local Area Network to also link my laptop to the network via a Linksys
4-Port Router which I have used for quite some time. As I said, this
activity just started in the last couple of days and I cannot figure
out what is causing it or how to fix it.

You don't mention what problem you're having. If you're just curious
about the traffic, there are some things you can do. Off the top of my
head, and in no particular order:

a)go to Computer Management and expand the Shared Folders branch. Look
at Sessions and Open Files to see if any clues jump out.

b)from a Command Prompt, run "netstat -a" to see what connections are
open.

c)in Task Manager, select the Networking tab and look at the Network
Utilization to see how much traffic is involved.

d)pull the WAN cable from the router to see if the traffic stops. If
it stops, it was LAN-WAN traffic. If it doesn't stop, it's LAN-LAN
(intraLAN) traffic. Not a definitive test, but helps determine where
the endpoints may be.

e)use a packet capture program such as Wireshark to view the actual
traffic. This will allow you to see the source and destination IP's
and ports, the traffic type, and the actual payload. Expect to be
overwhelmed if you haven't been here before.

Ok, I will try your suggestions and see what comes up.

f)'other' - for everything not mentioned above, including malware
scans with something other than Norton.

Any thoughts on what might be causing this problem?

I'm still not sure what problem you're having. Every LAN has (nearly)
constant activity.

The constant activity is under "Activity" on the Local Area
Connection Status window, tons of packets are being "sent" and
"received" - just in the last 45 minutes, 165,000+ packets sent,
237,000+ received. I've never had this kind of activity on the
network when not doing anything.

It also slow down my computer and sometimes freezes it for awhile. I
need to resolve what is causing it and fix it, but am still a bit at a
loss now - will try your suggestions.

charliec

On Sun, 29 Jul 2012 11:43:19 -0500, Char Jackson
wrote:

On Sat, 28 Jul 2012 20:56:03 -0700, wrote:

I have a bit of a problem.

In the last couple of days, my Network connection runs all the time
downloading something or checking something, I'm not sure which but it
seem to have a ton of packets sent and received. But nothing is going
on, most of the time the computer is setting idle - but this activity
just goes on and on. I am running WinXP with all updates, I have a
Local Area Network to also link my laptop to the network via a Linksys
4-Port Router which I have used for quite some time. As I said, this
activity just started in the last couple of days and I cannot figure
out what is causing it or how to fix it.

You don't mention what problem you're having.

The problem is, this constant activity is causing my computer to slow
down and freeze at time - did not happen until a couple of days ago.
No new hardware installed.

If you're just curious
about the traffic, there are some things you can do. Off the top of my
head, and in no particular order:

a)go to Computer Management and expand the Shared Folders branch. Look
at Sessions and Open Files to see if any clues jump out.

Sessions had no items - Open Files had no items.


b)from a Command Prompt, run "netstat -a" to see what connections are
open.

I did that and have a copy of the results, but do not know what to
really look at in the results - can you advise as to what to look at
or for?


c)in Task Manager, select the Networking tab and look at the Network
Utilization to see how much traffic is involved.

It appears to be at 1% or less most of the time.


d)pull the WAN cable from the router to see if the traffic stops. If
it stops, it was LAN-WAN traffic. If it doesn't stop, it's LAN-LAN
(intraLAN) traffic. Not a definitive test, but helps determine where
the endpoints may be.

Looked at the box, but am not sure what the WAN cable is - have 3
cables in it (not including the power cable), one to the computer, one
to the Internet, and one that I can plug my laptop into.


e)use a packet capture program such as Wireshark to view the actual
traffic. This will allow you to see the source and destination IP's
and ports, the traffic type, and the actual payload. Expect to be
overwhelmed if you haven't been here before.

Not sure what Wireshark is - are you referring to the Wireshark
Capture Filters program I saw on the Internet or something else?


f)'other' - for everything not mentioned above, including malware
scans with something other than Norton.

I have Spy Sweeper and SpyBot installed, but run them in manual mode
instead of live as to not conflict with NortonAntivirus. Will run a
scan with them in a few minutes.


Any thoughts on what might be causing this problem?

I'm still not sure what problem you're having. Every LAN has (nearly)
constant activity.

The problem is, this activity slows my computer and freezes it at time
- tons of "packets Sent and Received" and constantly increasing.

"charliec" wrote:

The constant activity is under "Activity" on the Local Area
Connection Status window, tons of packets are being "sent" and
"received" - just in the last 45 minutes, 165,000+ packets sent,
237,000+ received. I've never had this kind of activity on the
network when not doing anything.

So if it wasn't a hardware change in the last few days when this
behavior changed, what software have you installed? Might be time to
consider a 3rd party firewall so you get prompted when a process want to
make a connection and you can see to where it is connecting. TCPview
will tell what currently has a connection but it won't show you what had
a connection but is no longer connected plus it's not going to regulate
what can connect to where.

First use the utilities I mentioned in my other post. Those will likely
show the culprit of the network traffic. Could be, for example, your
anti-virus, Flash Player, Adobe Reader, Windows Update, and other auto-
update features in several apps that you left configured to do these
background and automated updates without ever prompting you about them.
Any apps you have installed that have an auto-update function should be
configured to ask you for permission to install the update, not just
blindly modify your computer setup.

On Sun, 29 Jul 2012 13:51:22 -0700, wrote:

On Sun, 29 Jul 2012 11:43:19 -0500, Char Jackson
wrote:

You don't mention what problem you're having.

The problem is, this constant activity is causing my computer to slow
down and freeze at time - did not happen until a couple of days ago.
No new hardware installed.

I'm extremely skeptical that the network traffic is the reason why
your computer is slowing down and freezing. There simply isn't nearly
enough traffic present to account for that. The traffic could be a
side effect, but not the root cause, so you may or may not be chasing
ghosts.

c)in Task Manager, select the Networking tab and look at the Network
Utilization to see how much traffic is involved.

It appears to be at 1% or less most of the time.

See what I mean? 1% isn't significant.

In Task Manager, keep an eye on CPU utilization to get a feel for
what's normal, and compare that to the utilization when things get
hairy. If the utilization spikes or even max's out as the system
slows, flip over to the Processes tab to see if the offending process
reveals itself. If it's malware, it may not, but it's worth a shot.

d)pull the WAN cable from the router to see if the traffic stops. If
it stops, it was LAN-WAN traffic. If it doesn't stop, it's LAN-LAN
(intraLAN) traffic. Not a definitive test, but helps determine where
the endpoints may be.

Looked at the box, but am not sure what the WAN cable is - have 3
cables in it (not including the power cable), one to the computer, one
to the Internet, and one that I can plug my laptop into.

The one going to the "Internet" is the WAN cable. If your phantom
traffic is host-to-host within your LAN, disconnecting the WAN cable
won't stop that traffic. However, if something on your computer is
talking to an endpoint on the Internet, then pulling the WAN cable
will make it stop. It's a very crude test.

Take a look at processes running. I've seen wupdate get borked and two
instances attempting to do updates beating each other over the head.

If you are familiar with the processes that should be running and know
the issues when you shut them down you could do that to see if there is
something there.

On Sun, 29 Jul 2012 22:47:03 -0500, edfair wrote:


Take a look at processes running. I've seen wupdate get borked and two
instances attempting to do updates beating each other over the head.

By "processes running", you mean in ctrl/alt/delete window?

In most cases, I always have MS Outlook 2010 and My Computer minimized
on the toolbar, and nothing else running. The computer is idle, but
the Local Area Network Icon still shows a lot of activity. Checkint
it, I see many packets being sent and received on the Network.


If you are familiar with the processes that should be running and know
the issues when you shut them down you could do that to see if there is
something there.

On Wed, 01 Aug 2012 11:34:36 -0700, wrote:

On Sun, 29 Jul 2012 22:47:03 -0500, edfair wrote:

Take a look at processes running. I've seen wupdate get borked and two
instances attempting to do updates beating each other over the head.

By "processes running", you mean in ctrl/alt/delete window?

It's called Task Manager, and Ctrl-Alt-Del is only one way to access
it. You can also right click on the taskbar and select Task Manager
from the context menu, among others. Once Task Manager is running,
select the Processes tab.

In most cases, I always have MS Outlook 2010 and My Computer minimized
on the toolbar, and nothing else running. The computer is idle, but
the Local Area Network Icon still shows a lot of activity. Checkint
it, I see many packets being sent and received on the Network.

I still don't think network activity is necessarily a bad thing. Did
you ever do any of the things that were suggested to track it down?

quote:
"In most cases, I always have MS Outlook 2010 and My Computer minimized
on the toolbar, and nothing else running."

You'll have other stuff running. Probably 30 to 40 things that the OS
wants running to operate, some of which can be stopped manually without
borking the system.

For test purposes you can probably cut that back by 10 to 15 by
startrunmsconfig, go to startup tab and disable all for the duration.

The more stuff you can eliminate as being the problem the easier the fix
is going to be.

On Wed, 01 Aug 2012 14:21:13 -0500, Char Jackson
wrote:

On Wed, 01 Aug 2012 11:34:36 -0700, wrote:

On Sun, 29 Jul 2012 22:47:03 -0500, edfair wrote:

Take a look at processes running. I've seen wupdate get borked and two
instances attempting to do updates beating each other over the head.

By "processes running", you mean in ctrl/alt/delete window?

It's called Task Manager, and Ctrl-Alt-Del is only one way to access
it. You can also right click on the taskbar and select Task Manager
from the context menu, among others. Once Task Manager is running,
select the Processes tab.

In most cases, I always have MS Outlook 2010 and My Computer minimized
on the toolbar, and nothing else running. The computer is idle, but
the Local Area Network Icon still shows a lot of activity. Checkint
it, I see many packets being sent and received on the Network.

I still don't think network activity is necessarily a bad thing. Did
you ever do any of the things that were suggested to track it down?

I worked with Dell on it and they found a virus on my machine, cleaned
it up and things seem to be going better now.

On Wed, 01 Aug 2012 21:25:38 -0700, wrote:

On Wed, 01 Aug 2012 14:21:13 -0500, Char Jackson
wrote:

On Wed, 01 Aug 2012 11:34:36 -0700, wrote:

On Sun, 29 Jul 2012 22:47:03 -0500, edfair wrote:

Take a look at processes running. I've seen wupdate get borked and two
instances attempting to do updates beating each other over the head.

By "processes running", you mean in ctrl/alt/delete window?

It's called Task Manager, and Ctrl-Alt-Del is only one way to access
it. You can also right click on the taskbar and select Task Manager
from the context menu, among others. Once Task Manager is running,
select the Processes tab.

In most cases, I always have MS Outlook 2010 and My Computer minimized
on the toolbar, and nothing else running. The computer is idle, but
the Local Area Network Icon still shows a lot of activity. Checkint
it, I see many packets being sent and received on the Network.

I still don't think network activity is necessarily a bad thing. Did
you ever do any of the things that were suggested to track it down?

I worked with Dell on it and they found a virus on my machine, cleaned
it up and things seem to be going better now.

I guess you'll be dumping Spy Sweeper, Spybot, and Norton now, eh?