

What's all that traffic?

Posted on 2006-04-08
Medium Priority
Last Modified: 2010-04-11
Running XP Pro, ZoneAlarm basic home, IE 6.0, dial-up. I frequently get the server unavailable screen for long periods of time. When it's working, dial-up speed is OK for surfing. Sometimes ZoneAlarm shows lots of incoming traffic, even with IE shut down. Avast antivirus, HijackThis, Spybot don't show any problems. Would appreciate: 1) How can I figure out where the traffic is going? 2) Is there a way to determine if the problem is the provider (it's worldshare)?
Question by:lewiso

Accepted Solution

imacgouf earned 560 total points
ID: 16409841
Hi lewiso,

You can dump the traffic to a file and analyse it

Download Ethereal or Windump.

Ethereal® is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.

WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules.

Before running WinDump or Ethereal, you have to download and install the latest WinPcap version.
Download WinPcap from: http://www.winpcap.org/install/default.htm

Download Ethereal for Windows here: http://www.ethereal.com/download.html

Download WinDump: http://www.winpcap.org/windump/install/default.htm

If you need instructions on how to use Ethereal, go to the site below, which has illustrated guides to get you going.
Installing and Using Ethereal

Check out The Broadband Report (everything you need to know about getting and using broadband Internet access).
There is something on Worldshare.

By the way, try disabling the ZoneAlarm firewall to test the site when you get the server unavailable screen. Launch the site again and see if the problem exists. Do a tracert to your site and see.
Enable it after you have tested it.


Assisted Solution

r-k earned 420 total points
ID: 16409855
Also, open a command prompt and type:

  > netstat -ab

to get a view of which processes have open network connections.

If you see anything of interest, get the free TCPview utility from: http://www.sysinternals.com/Utilities/TcpView.html
It gives you a lot of information about network traffic on your PC.
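
To make the `netstat -ab` listing easier to read, the following added example (not part of the original thread) parses the output and groups established remote endpoints by owning executable. It assumes the numeric `-n` flag is added (`netstat -abn`); the sample text, addresses and the `updater.exe` name are constructed, and the exact column layout varies between Windows versions.

```python
import re
from collections import defaultdict
# Constructed sample shaped like `netstat -abn` output; updater.exe is a made-up name.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  c:\\windows\\system32\\rpcss.dll
  [svchost.exe]

  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     1234
  [iexplore.exe]

  TCP    192.0.2.10:1051        203.0.113.25:8080      ESTABLISHED     2040
  [updater.exe]

  UDP    0.0.0.0:1900           *:*                                    1100
  [svchost.exe]
"""

FIELDS = ("proto", "local", "remote", "state", "pid")
# State is absent on UDP rows; the PID column is absent on some Windows versions.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per connection row, with the owning executable attached."""
    conns, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            current = dict(zip(FIELDS, m.groups()), exe="unknown")
            conns.append(current)
        elif current and (o := OWNER.match(line)):
            # "[name.exe]" follows its row; component/DLL lines in between are skipped.
            current["exe"] = o.group(1).lower()
            current = None
    return conns

def remote_peers_by_exe(conns):
    """Map executable -> sorted remote endpoints of ESTABLISHED TCP connections."""
    peers = defaultdict(set)
    for c in conns:
        if c["proto"] == "TCP" and c["state"] == "ESTABLISHED":
            peers[c["exe"]].add(c["remote"])
    return {exe: sorted(remotes) for exe, remotes in peers.items()}

if __name__ == "__main__":
    print(remote_peers_by_exe(parse_netstat(SAMPLE)))
```

Run against a listing saved while the browser is closed, any executable that still shows established remote endpoints is the place to start looking.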

Assisted Solution

sda100 earned 200 total points
ID: 16411255
Hello lewiso

You will always get lots of incoming network traffic regardless of any applications open.  There will always be people randomly scanning IP addresses for open ports, and you'll find your ISP sends you lots of rubbish, amongst other things to check that you're still online.

If you set the correct logging level in ZoneAlarm you should be able to get all the data you need.  You can review the logs, or post them here.

If you want to test if ZoneAlarm is preventing your connection, set the True Vector service to disabled, then reboot your computer.  Make your dialup connection and test.  You should be able to set the service back to automatic, start it manually, then run ZoneAlarm from the Start menu.

Good luck!
Steve :)

Assisted Solution

by:Tim Holman
Tim Holman earned 420 total points
ID: 16411651
www.netlimiter.com is a good alternative, and will let you know how much bandwidth each application on your machine is consuming, which is a bit more practical than just seeing what applications have which ports open.
With dial-up accounts, or any ISP account for that matter, you're sharing the connection with at least 20 other users.  If all these users are on at the same time (or the service is over-subscribed), then yes, you will experience slowness as you describe.  

Author Comment

ID: 16678010
Hello Tolomir,

Thanks for your help, and thanks to everyone for the

Author Comment

ID: 16678026
Thanks everyone for your help.  I haven't had a chance to follow up on the details of the answers provided, so I'm not sure if my point split is really accurate - but I gave it a try - after increasing the total point value.

Regards, Lewis.



Question has a verified solution.
