Excessive XP Packet Activity

Posted on 2003-03-25
Medium Priority
Last Modified: 2013-12-07
One of my machines is registering an excessive amount of packets being sent. I have a bunch of XP/2000 machines networked as I'm studying for 70-210. They all seem to work fine and can all communicate well. One machine, which is my main machine, I happened to check the other day and the packets sent read around 500 billion. I rebooted and it picked up where it left off. Right from a clean reboot it started reading about 500 billion packets sent. I left the machine overnight and in the morning it read over one trillion packets sent. Rebooting brought it back to about 600 billion. I thought rebooting would pretty much set it back to near zero, as it does that on all other machines. To test, when I would go out to a web site and watch the packets sent and received, the sent packets would jump a couple of billion instead of 10 or 20 when I would just go to a site. The received packets seem normal; a couple of thousand. There's not much in the start up but Zone Alarm, Nortons, a pop-up stopper and some printer drivers. Even if I were to stop all the programs from starting I don't think that would affect the packets already sent. If I check processes running in Task Manager all that shows is Idle and Task Manager with normal percentages with the CPU usage around 0-7%. Activity light on machine doesn't indicate that it's churning out packets either. The NIC is an integrated Intel Pro/100 on a Gigabyte MB. All machines are connected through a Linksys router into a cable connection. Any and all help appreciated.
Question by: dcpinger

Expert Comment

ID: 8203781
Scan for trojans.

Maybe use SpyBot or Ad-Aware.



Accepted Solution

GrindCrusher earned 750 total points
ID: 8203986
Run a protocol analyzer such as Ethereal (it's free: http://www.ethereal.com/) to see what type of traffic, i.e. broadcasts due to a faulty NIC, etc.

Check against trojans and spyware as Netman suggested.

While traffic is being generated you can run netstat -an from the command prompt and see where and if there is any connection being established.

Are you running anything like Kazaa or Morpheus?

While in Task Manager compare what processes are running. Here are some links to get you familiar with those processes:
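
The netstat check suggested above, as an added example that is not part of the original answer: Python code that parses saved `netstat -an` output, counts TCP states, and lists the connections that are not merely listening or loopback. The sample output, addresses, and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.100:1045     203.0.113.25:80        ESTABLISHED
  TCP    192.168.1.100:1046     203.0.113.25:80        TIME_WAIT
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.100:137      *:*
"""

# Proto, local endpoint, foreign endpoint, and an optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return (proto, local, foreign, state) tuples; state is '' for UDP rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            rows.append((proto, local, foreign, state or ""))
    return rows

def summarize(rows):
    """Count TCP states and collect non-loopback connections that are not LISTENING."""
    states = Counter(state for proto, _, _, state in rows if proto == "TCP")
    active = []
    for proto, local, foreign, state in rows:
        if proto != "TCP" or state == "LISTENING":
            continue
        host = foreign.rsplit(":", 1)[0]  # strip the port from the remote endpoint
        if host not in ("127.0.0.1", "[::1]", "0.0.0.0"):
            active.append((local, foreign, state))
    return states, active

if __name__ == "__main__":
    states, active = summarize(parse_netstat(SAMPLE))
    print(dict(states))
    for local, foreign, state in active:
        print(f"{state:12} {local} -> {foreign}")
```

An empty list of active connections alongside a send counter that keeps climbing points away from a talking process and toward the counter or the NIC itself.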



Author Comment

ID: 8209514
I run Norton's automatically and scan weekly and it always comes up clean. Ran Ad-Aware and found a few basics like double-click, but removing them had no effect. I only run Kazaa on one of the other machines dedicated to downloading questionable stuff. Running netstat shows that all TCP ports are just listening, which I believe means there is no activity. I downloaded Ethereal but need a few free minutes to read over how it works. I'm beginning to feel GrindCrusher's comment about it just being a faulty NIC may be right. When the machine is on for just a few hours the packets sent will go 1.5-2.0 trillion. That seems impossible without taking a performance hit and the machine, otherwise, seems like it's running normally.

Author Comment

ID: 8235651
Bad NIC! Swapped it and it works fine. Thanks for pointing me in the right direction.
