What's all that traffic?

Posted on 2006-04-08
Last Modified: 2010-04-11
Running xp pro, zone alarm basic home, IE 6.0, dial up.  I frequently get the server unavailable screen for long periods of time.   When it's working, dial up speed is o.k. for surfing. Sometimes zone alarm shows lots of incoming traffic, even with IE shut down. Avast antivirus, hijackthis, spybot don't show any problems. Would appreciate 1) How can I figure out where the traffic is going. 2) Is there a way to determinet if the problem is the provider (it's worldshare)?
Question by:lewiso
    LVL 7

    Accepted Solution

    Hi lewiso,

    You can dump the traffic to a file and analyse it

    Download Ethereal or Windump.

    Ethereal® is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.

    WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules.

    Before running WinDump or Ethereal , you have to download and install the latest WinPcap version.
    Download WinCap from:

    To Download Ethereal for Windows here:

    TO Download WinDump:

    If you need instruction on how to use Ethereal go to the site below which has illustrated guides to get you going.
    Installing and Using Ethereal

    Check out
    The Broadband Report
     Everything you need to know about getting and using broadband Internet access
    There is something on Worldshare.

    By the way, try disable the ZoneAlarm Firewall to test the site when you  get the server unavailable screen. launch the site again and see if the probblem exist. do a tracert to your site and see.
    Enable it after you tested it.

    LVL 32

    Assisted Solution

    Also, open a command prompt and type:

      > netstat -ab

    to get a view of which processes have open network connections.

    If you see anything of interest, get the free TCPview utility from:
    It gives you a lot of information about network traffic on your PC.
    LVL 9

    Assisted Solution

    Hello lewiso

    You will always get lots of incoming network traffic regardless of any applications open.  There will always be people randomly scanning IP addresses for open ports, and you'll find your ISP sends you lots of rubbish, amongst other things to check that you're still online.

    If you set the correct logging level in Zonealarm you should be able to get all the data you need.  You can review the logs, or post them here.

    If you want to test if Zonealarm is preventing your connection, set the True Vector service to disabled, then reboot your computer.  Make your dialup connection and test.  You should be able to set the service back to automatic, start it manually, then run Zonealarm from the Start menu.

    Good luck!
    Steve :)
    LVL 23

    Assisted Solution

    by:Tim Holman is a good alternative, and will let you know how much bandwidth each application on your machine is consuming, which is a bit more practical than just seeing what applications have which ports open.
    With dial-up accounts, or any ISP account for that matter, you're sharing the connection with at least 20 other users.  If all these users are on at the same time (or the service is over-subscribed), then yes, you will experience slowness as you describe.  

    Author Comment

    Hello Tolomir,

    Thanks for your help, and thanks to everyone for the

    Author Comment

    Thanks everyone for your help.  I haven't had a chance to follow-up on the details of the answers provided, so I'm not sure if my point split is really accurate - but i gave it a try - after increasing the total point value.

    Regards, Lewis.


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now