If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
What's using my bandwidth?
I think this is a FAQ, but I can't remember the A if there is one .. (-:
I use bitMeter2 with the audio feedback turned on; I know this would drive most people nuts, but each to his own. It alerts me to unusual activity. Of late, I've noticed something is using my bandwidth to a TINY but fairly consistent extent: I have BM2 set to alert every 100 kB, and it's doing so about every 28-30 seconds - as you can see, very low level, but higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4 outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is a sample grab (red is incoming, green outgoing [shows as yellow where coincident with incoming]) - as you can see, we're not talking huge data volumes here! I've turned off everything _I_ can think of that might be causing it, to no effect. Eventually, random sniping in Task Manager, I found one of the svchost instances (there are currently 13 of them, all belonging to "User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is responsible, but I'm none the wiser of course. And killing it, it reappears after a few tens of seconds. But obviously I don't want to go just killing random processes in TM. Being less paranoid than some here, I'm not too _worried_ - at such a low rate, it's not exactly looting my pron collection, and it's more incoming than outgoing anyway, which makes me _doubt_ it's some sort of security probing. I'm just _curious_ as to what it is - and I feel that surely it must be a common wonderment, and I'd have thought there must be some way simpler than using Wireshark or Process Explorer to answer the simple question in the subject. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Norman Tebbitt has the irritating quality of being much nicer in person than he is in print. - Clive Anderson, RT 1996/10/12-18 |
Ads |
#2
|
|||
|
|||
What's using my bandwidth?
J. P. Gilliver (John) wrote:
I think this is a FAQ, but I can't remember the A if there is one .. (-: I use bitMeter2 with the audio feedback turned on; I know this would drive most people nuts, but each to his own. It alerts me to unusual activity. Of late, I've noticed something is using my bandwidth to a TINY but fairly consistent extent: I have BM2 set to alert every 100 kB, and it's doing so about every 28-30 seconds - as you can see, very low level, but higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4 outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is a sample grab (red is incoming, green outgoing [shows as yellow where coincident with incoming]) - as you can see, we're not talking huge data volumes here! I've turned off everything _I_ can think of that might be causing it, to no effect. Eventually, random sniping in Task Manager, I found one of the svchost instances (there are currently 13 of them, all belonging to "User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is responsible, but I'm none the wiser of course. And killing it, it reappears after a few tens of seconds. But obviously I don't want to go just killing random processes in TM. Being less paranoid than some here, I'm not too _worried_ - at such a low rate, it's not exactly looting my pron collection, and it's more incoming than outgoing anyway, which makes me _doubt_ it's some sort of security probing. I'm just _curious_ as to what it is - and I feel that surely it must be a common wonderment, and I'd have thought there must be some way simpler than using Wireshark or Process Explorer to answer the simple question in the subject. Probably just a loopback from your router/modem or another comp on your network. Install Wireshark and see. http://www.wireshark.org |
#3
|
|||
|
|||
What's using my bandwidth?
J. P. Gilliver (John) wrote:
I think this is a FAQ, but I can't remember the A if there is one .. (-: I use bitMeter2 with the audio feedback turned on; I know this would drive most people nuts, but each to his own. It alerts me to unusual activity. Of late, I've noticed something is using my bandwidth to a TINY but fairly consistent extent: I have BM2 set to alert every 100 kB, and it's doing so about every 28-30 seconds - as you can see, very low level, but higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4 outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is a sample grab (red is incoming, green outgoing [shows as yellow where coincident with incoming]) - as you can see, we're not talking huge data volumes here! I've turned off everything _I_ can think of that might be causing it, to no effect. Eventually, random sniping in Task Manager, I found one of the svchost instances (there are currently 13 of them, all belonging to "User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is responsible, but I'm none the wiser of course. And killing it, it reappears after a few tens of seconds. But obviously I don't want to go just killing random processes in TM. Being less paranoid than some here, I'm not too _worried_ - at such a low rate, it's not exactly looting my pron collection, and it's more incoming than outgoing anyway, which makes me _doubt_ it's some sort of security probing. I'm just _curious_ as to what it is - and I feel that surely it must be a common wonderment, and I'd have thought there must be some way simpler than using Wireshark or Process Explorer to answer the simple question in the subject. You could use TCPView and sort by transmitted or received packet count. To make the culprit float to the top. https://docs.microsoft.com/en-us/sys...nloads/tcpview Run Process Explorer as Administrator. This no longer runs in WinXP, but should work on later OSes. In particular, you can "sort by PID", highlight a service host and do Properties, and see what's running in the thread view perhaps. https://docs.microsoft.com/en-us/sys...ocess-explorer This kinda crap happens in Windows 10, and may be tied to Delivery Optimization ("dosvc"). While Windows 10 initially might have used BITS for every download purpose, the "dosvc" is like a Torrent, and allows one Windows 10 machine to share files with another Windows 10 machine. I don't think these have been ported to Windows 7. I have a test setup for Windows 10, where I use GPEDIT to disable "dosvc" and that's supposed to cause all downloads to switch to BITS. The advantage of doing that, might be that BITS has more manageable router behavior (can engineer hog-stopping on BITS via limiting the max connections). However, after the test setup was switched to BITS, the OS "refuses" to do updates :-) Anyway, enjoy your new hobby. I've always enjoyed the IP addresses that don't reverse-translate and so on. With that sort of thing present, who would possibly end up with a paranoia ? The machine should always have unchartable activities going on, just to "keep you awake". Paul |
#4
|
|||
|
|||
What's using my bandwidth?
On Sat, 05 Jan 2019 06:10:51 -0500, Paul
wrote: J. P. Gilliver (John) wrote: I think this is a FAQ, but I can't remember the A if there is one .. (-: I use bitMeter2 with the audio feedback turned on; I know this would drive most people nuts, but each to his own. It alerts me to unusual activity. Of late, I've noticed something is using my bandwidth to a TINY but fairly consistent extent: I have BM2 set to alert every 100 kB, and it's doing so about every 28-30 seconds - as you can see, very low level, but higher than before. Looking at the graph in BM2, it's about 1/3 or 1/4 outgoing, 2/3 or 3/4 incoming. http://255soft.uk/temp/Clipboard01.gif is a sample grab (red is incoming, green outgoing [shows as yellow where coincident with incoming]) - as you can see, we're not talking huge data volumes here! I've turned off everything _I_ can think of that might be causing it, to no effect. Eventually, random sniping in Task Manager, I found one of the svchost instances (there are currently 13 of them, all belonging to "User"s LOCAL SERVICE, NETWORK SERVICE, or SYSTEM - none to me) is responsible, but I'm none the wiser of course. And killing it, it reappears after a few tens of seconds. But obviously I don't want to go just killing random processes in TM. Being less paranoid than some here, I'm not too _worried_ - at such a low rate, it's not exactly looting my pron collection, and it's more incoming than outgoing anyway, which makes me _doubt_ it's some sort of security probing. I'm just _curious_ as to what it is - and I feel that surely it must be a common wonderment, and I'd have thought there must be some way simpler than using Wireshark or Process Explorer to answer the simple question in the subject. You could use TCPView and sort by transmitted or received packet count. To make the culprit float to the top. https://docs.microsoft.com/en-us/sys...nloads/tcpview Run Process Explorer as Administrator. This no longer runs in WinXP, but should work on later OSes. In particular, you can "sort by PID", highlight a service host and do Properties, and see what's running in the thread view perhaps. I have a Process Explorer running on my XP, it's version 11.13, probably ancient. I don't seem to be able to 'sort on PID' with it. I still have the zip file it came in if it's of any use to anyone. https://docs.microsoft.com/en-us/sys...ocess-explorer This kinda crap happens in Windows 10, and may be tied to Delivery Optimization ("dosvc"). While Windows 10 initially might have used BITS for every download purpose, the "dosvc" is like a Torrent, and allows one Windows 10 machine to share files with another Windows 10 machine. I don't think these have been ported to Windows 7. I have a test setup for Windows 10, where I use GPEDIT to disable "dosvc" and that's supposed to cause all downloads to switch to BITS. The advantage of doing that, might be that BITS has more manageable router behavior (can engineer hog-stopping on BITS via limiting the max connections). However, after the test setup was switched to BITS, the OS "refuses" to do updates :-) Anyway, enjoy your new hobby. I've always enjoyed the IP addresses that don't reverse-translate and so on. With that sort of thing present, who would possibly end up with a paranoia ? The machine should always have unchartable activities going on, just to "keep you awake". Paul |
#5
|
|||
|
|||
What's using my bandwidth?
In message , Paul in Houston TX
writes: J. P. Gilliver (John) wrote: [] and I feel that surely it must be a common wonderment, and I'd have thought there must be some way simpler than using Wireshark or Process Explorer to answer the simple question in the subject. Probably just a loopback from your router/modem or another comp on your network. Install Wireshark and see. http://www.wireshark.org I was hoping NOT to have to use wireshark. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Hadrian's Wall has never been a border between Scotland and England. It lies entirely within England but, when it was built in AD 122 by the Romans as a defence against the raiding Picts, the future English were still in Germany and the Scottish were still in Ireland. - Michael Cullen, Skye, in RT 2014/12/6-12 |
Thread Tools | |
Display Modes | Rate This Thread |
|
|