Solved

Xp Home machine is sending Billions/Trillions of packets

Posted on 2003-11-02
18
7,134 Views
Last Modified: 2013-11-13
My brother's computer is a laptop and I am trying to connect it to the LAN I have in the house.  I connect the computer, check the IP address and everything is correct.  When I look at the "Status" it is saying that there are billions and billions(293,345,873,245) of packets being sent, and in the 100's being received.  What is going on here?  Where should I start in solving this problem?
0
Comment
Question by:tobin46
  • 8
  • 4
  • 2
  • +3
18 Comments
 
LVL 7

Expert Comment

by:AlexJ
ID: 9669187

Hi tobin46,


1. First of all Start from booting to safe mode with networking and check to see if issue doesn't occur there

    To do this,
         
Use this method if XP is the only operating system installed on your computer.

Start Windows, or if it is running, shut Windows down, and then turn off the computer.
Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears.


--------------------------------------------------------------------------------
Note: If you begin tapping the F8 key too soon, some computers will generate a "keyboard error" message. Please restart, and then try again.
--------------------------------------------------------------------------------
 
Using the arrow keys on the keyboard, scroll to and select the Safe mode with networking menu item, and then press Enter.

Connect to the internet and see if issue persists
If it doesn't proceed to second step


2. Perform a clean boot. Iam thinking it cud be malicious program loading at the startup.
    he is what U need to refer.
    How to perform cleanboot troubleshooting in windows XP
    http://support.microsoft.com/?kbid=310353

3. Check to see Add/Remove programs and uninstall these if found
   
   new.net domain
   Save now
   media loads
   enhanced media loads
   BonziBuddy
   BargainBuddy
   GatorEWallet
   Any kind of third party toolbars, easy search bar, MySearch bar etc...
   
4.  Scan for spywares and remove them with Adaware 6.0
    http://www.majorgeeks.com/download.php?det=506

5. Scan for viruses with ur updated Antivirus and ensure U have no virus

 

All the Best

Alex

0
 

Expert Comment

by:jaedus
ID: 9669654
Yeah do that, put your empasis on the virus scan however, or just downlod this:
http://www.symantec.com/avcenter/FxMimail.exe
At least that’s my guess. Just the other day I was at a client’s house on a complaint of his wireless network not working.  I checked the status of his adapter and sure enough, it had been sending huge amounts of traffic and receiving next to nothing.  A netstat query brought no result because there was no real connection, the mimail virus generates huge amounts of traffic when it tries to perform a DOS attack.  I just suggest this one because it’s the one I ran into the other night, there’s no guarantee it’s this one, it just sounds exactly like what I saw the other night.

For a more detailed idea of what’s going on, go to:
http://securityresponse.symantec.com/
and on the right side, near the bottom is a “check for security risks” button, click it, do a virus scan.  If it’s not a virus, well then, go to the start menu, then run, type cmd and hit enter.  Then type “netstat –an|more” without the quotes and see if anything is weird.

0
 
LVL 2

Expert Comment

by:haydes007
ID: 9675407
It could be that you have a network card going bad. Sometimes they start sending out packets when they are about to go to hardware heaven. Try changing it out with a known good one.
0
 
LVL 1

Author Comment

by:tobin46
ID: 9676424
It can't be the hardware, because I have "plugged" the wireless A+G card into my notebook and it works fine.  Also, I connected his computer to the wired portion of the LAN and it still did the same thing.  I have eliminated the hardware aspect as a potential problem.
0
 
LVL 1

Author Comment

by:tobin46
ID: 9676663
When I run the netstat -an|more I get some TCP listings with TIME_WAIT...Is that normal?  I've used SPYHunter, Symantec's, PC-Cillin and found no viruses, tried clean boots, I've tried all recommended actions proposed by the two of you guys.  All has come up empty-handed.  Any more suggestions?
0
 
LVL 7

Expert Comment

by:AlexJ
ID: 9677951

Now as U've already started in troubleshooting, Let's star with advanced steps

1. Perform a winsock Fix including reinstalling TCP/IP

Reinstall of the TCP/IP protocol to restore Winsock functionality

Step 1: Delete registry keys

A) Open Regedit from the Run line
B) Go to both of the following keys, export each of them, and then delete them:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock  and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2
C) Restart the computer

NOTE: It is important to restart the computer after deleting the Winsock keys.  
Doing so causes the XP operating system to recreate shell entries for those two
keys.  If this is not done, the next step does not work correctly.


Step 2: Install TCP/IP on top of itself

A) Open the properties window of the network connection
B) Click Install
C) Click Protocol, then Add
D) Click Have Disk
E) Type the path to the nettcpip.inf file, for example: c:\windows\inf, and click
OK (if you try to click Browse, then browse to the \inf folder, it may not show up
in the list).
F) You should now see "Internet Protocol (TCP/IP)" in the list of available
protocols.  Select it and click OK.
G) Restart the computer

When the computer reboots you will have functional Winsock keys.

NOTE: If the network connection properties contained more than the following three
items: Client for Microsoft Networks, File and Printer Sharing for Microsoft
Networks, and TCP/IP, then the additional items may need to be removed in order to
restore browsing.  If those items are needed they can be reinstalled.  The reason
for removing them is due to those items placing entries into the Winsock keys and
those entries will no longer be there.

Side effects and possible problems:

This method will restore basic functionality to the Winsock keys, but is not a
complete rebuild. On a default install of Windows XP the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2\ParametersProtocol_Cat
alog9\Catalog_Entries - will have 11 sub-keys. When applying this method, the
Catalog_Entries will only have three sub-keys.  However, it works and there does
not appear to be any side effects.  The missing entries relate back to the:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
key.
Also, third-party proxy software or firewalls may need to be reinstalled.


<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
All the best

Alex
0
 
LVL 1

Author Comment

by:tobin46
ID: 9683989
Alex-
This method has fixed my access problem to the internet, although, when looking at the packet sent portion of the network connection status, there are still Billions/Trillions of packets being sent.  The packets being received are normal(in the thousands).  I can browse the internet, but what is causing the large packet amount still??????
Thanks-
Toby George
0
 
LVL 1

Author Comment

by:tobin46
ID: 9683998
Alex-
After 10minutes of being connected the packets received has ceased.  There haven't been any packets received for about three minutes now.  I'm not sure what to do, have we explored all of our options?
-Toby
0
 
LVL 1

Author Comment

by:tobin46
ID: 9684005
Also, when I run the netstat -an|more at the CMD prompt there is one entry that is trying to establish a connection :
proto     Local address            Foreign address              State
TCP      192.168.1.102:139     141.213.164.181:2335     ESTABLISHING

IS there something wrong with this or is this normal?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 7

Accepted Solution

by:
AlexJ earned 200 total points
ID: 9684350

Hi tobin46,

sorry for replying late. I am at a different time zone than U.
First thing... This question is worth 125 points or more now. If u can increase any no. of points, I wud appreciate it.

I think some malicious script has been executing on ur machine.

1. Go to start->Run->Devmgmt.msc    <Enter>
    In the device manager, Double Click network adapters
   DoubleClick your ethernet adapter (for LAN connection)
   Click drivers tab. Click uninstall
   Reboot the computer. Windows will detect the new hardware and will reinstall it. Keep the drivers disk handy
   if windows prompt it to insert.
   This process will remove corrupt LAN card drivers and replace them with good ones.

2. If problem persists
    Go to control panel->Network connections. RightClick on your connection and Click Repair
    This will perform a repair operation on ur connection.

3. Assuming its not becoz of the virus, U can perform a repair installation of windows XP, If none seem to worked.


Perform a Repair install of windows XP
**************************************

I recommend you to follow the steps below to repair Windows
onto itself to resolve this issue. It will reinstall all system files with this
method. You may need to reinstall some applications to upgrade some files to a
higher version, because they may be replaced during the installation of Windows.

The steps below will not damage your documents and registry. However, it is always
recommended to backup your important information and files to other partitions or
other disks.

1.  First, disable any Anti-Virus program and BIOS-level Anti-Virus protection.

2.  Make sure you have set your CD-ROM as the first priority boot device. You may
refer to your computer manual for information on how to do this.

3.  Insert the Windows XP CD into your CD-ROM and reboot your computer.

4.  When you see "Press any key to boot from CD" on the screen, press a key to let
your computer boot from the Windows XP CD.

5.  When the computer boots from the CD-ROM, it checks your hardware and then
prompts you with the following options.

*To set up Windows XP now, press Enter.

*To repair a Windows XP installation using Recovery Console, press R.

*To quit Setup without installing Windows XP, press F3.

6.  Please press ENTER.

7.  Press the F8 key to agree to the Licensing Agreement.

8.  You will see your current Windows XP installation is listed in a box and get
the following options:

*To repair the selected Windows XP installation, press R.

*To continue installing a fresh copy of Windows XP without repairing, press ESC.

9.  Please press "R".

10.  Then the setup program will repair Windows XP automatically.



All the best

Alex

 
0
 
LVL 1

Author Comment

by:tobin46
ID: 9684695
Alex-
Thanks for all your help.  I'm in the School of Information Sciences at the University of Pittsburgh and mainly I specialize in .Net Programming and Oracle Development.  The knowledge you shared with me is very beneficial and appreciated.  This problem just seemed a little out of my reach, and that is why I was in search of outside help.  

I actually already tried to uninstall the drivers for the adapter and it didn't solve the problem, unfortunately, I think I am going to have to perform a repair install.  Thanks for your help, I have made this question worth 200 points, I hope that helps.
-Toby  
0
 
LVL 7

Expert Comment

by:AlexJ
ID: 9684962

Yes, ofcourse, I appreciate the points.
Although
U wud have accepted it after getting benefit out of repair install.


:>)
Alex
0
 

Expert Comment

by:flashmxpro
ID: 11039549
Hi,

I had the same problem on my Sony laptop. And tried all of the things suggested here. Then finally I went to the Sony support page and downloaded a newer driver vor my network card.

This solved my problem. So everybody who comes to this site should give it a try...
0
 

Expert Comment

by:dsnymj
ID: 11055210
flashmxpro,

Which Sony laptop? I'm seeing the same thing on a new PCG-K15 and Sony's tech support is telling me that it's normal.

I've tried updating the driver, to no avail. I've also re-installed the OS - from their restore mechanism - and haven't had any luck.

I'm not buying that it's normal, but if it can be fixed with a driver update I'll be more inclined to keep the machine.
0
 
LVL 1

Author Comment

by:tobin46
ID: 11055279
hello, I'm glad that this post has helped.  I went directly to Sony and they also had me reinstall the drivers and tried to get me to reinstall the OS.  Don't waste your time reinstalling the OS, THAT IS NOT THE PROBLEM.  It is a faulty driver/ firmware for the network interface card.  I hooked that laptop up to a network ran a packet sniffing software package from another PC on that network and there were no packet entering the network at that rapid pace. Reinstalling the driver doesn't always work, if you have connectivity, just deal with it.  Good Luck.
0
 

Expert Comment

by:dsnymj
ID: 11064274
I was on the phone with Sony last night for a bit, re-installed the WI-FI adapter driver, and the problem was solved... until about 5 minutes after I thanked them and hung up. Since then, I've been able to establish connectivity for a while - often sending out 600+ packets per minute while all of my apps are idle - and then my WAP drops the connection while the laptop is still showing the outgoing packets. It's really rather hit-n-miss.

An "external" (PCMCIA/CardBus) 802.11b adapter seems to work fine, as does the 100baseTX connection - neither seem to be sending anything unintentionally. The "bursts" disappear for a short while when I change the channel on the WAP and "repair" the connection but they always come back. If I could just get the connection to stay solid I could, as you say, "just deal with it", but I haven't been able to get to that point so far.

I'm going to check out the demo models at a store or two to see if they exhibit the same behavior before taking the thing back for an exchange. I'd rather exchange it now than have to send it off to Sony later.

Thanks for letting us know that others were seeing the same behavior.
0
 

Expert Comment

by:flashmxpro
ID: 11065815
Hi,

my laptop is a PCG-GRX670, have it since December 2002. It worked fine all the time (except that the LCD backlight died on me last week). The strange behavior with the huge amount of packages being send out just started a few weeks ago. And as far as I know I just updated my McAfee and sometimes all the usually Bill Gates patches.

I think that on some time the OS just had some impact on the behavior of my network card. Though it seemed to work fined I noticed then some day that my computer seemed to send out bites like a mad Max.

Again, I did then all the suggested steps to get it fixed and bothered with the System Restore and any other things until I just updated the driver.

Now tell me if something worked fine before and starts behaving strange for no reason of course telling you that you made something wrong is the easiest way to respond while asking Sony or any other manufacturer.

I personally think that security patches might change things in your computer sometimes, so that driver starts to “fail” or work faulty. Then people complain, and if more then two come up with the same problem then it is getting serious. Manufactures start looking for it and then a few days or weeks later, all of a sudden you see some download on their website. You download it and then it seems to work fine again, the problem disappeared or whatever.

These days I am just thankful if I start my computer in the morning and finish my work on the eve without having to restart, install/update drivers or any other maintenance.

Wish you all the best with solving your problems...
0
 
LVL 1

Author Comment

by:tobin46
ID: 11067780
I'm sorry the two of you are experiencing this problem.  Fortunately for me it wasn't my computer and a family members.  There really is no answer to this question, and disregard the accepted answer for this problem as well.  Although it is a good guide if you want to reinstall/repair your OS.  The only other thing I can suggest is a parallel installation of windows, which is not a recommended procedure.  Basically, you install another copy of windows along side the other in a folder "Windows2".   This would allow you to boot to a fresh copy of windows along side your old version and would allow you to access all of your files.  You will be asked to select which copy of windows you want to boot to, i.e Windows Home/Pro Edition 2.  If the problem still exists, it is a hardware problem.  If you try to uninstall the card and reinstall it, thus copying a fresh driver and it still doesn't work then it is a hardware problem also.  Really, I think it is a hardware problem, faulty board or card interface.  I don't recommend the parallel install, I'd say there's too much at risk.  

If the external adapter works stick with it...Good Luck.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
The goal of this video is to provide viewers with basic examples to understand and use conditional statements in the C programming language.
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now