Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Extra network activity

Posted on 2006-06-21
10
Medium Priority
?
418 Views
Last Modified: 2013-12-07
Greetings:
We are using a ZyXEL 662HW VPN router and ZyXEL G-302 PCI adapters.
We have 5 work stations on the network and all are working well.
All five work stations are running Windows XP Pro.
Problem:  Two of the work stations have activity on the little monitor symbol
in the bottom tray.  The activity is approx. every 5 sec. for approx. 1 sec.
This activity is with no applications running on any station and none have internet explorer active.  
I have looked at the task lists and all are empty.
This activity makes the network slow and intermittent.
How can I tell what is causing this activity?
                           
                           Thanks, Russ
0
Comment
Question by:RFIGOR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16954190
I would load ethereal and run it on the pc's it should show you source desitnation and type of traffic.

http://www.ethereal.com/

give that a shot should give you clues to were the traffic is comming from.

Thanks
scott
0
 
LVL 13

Expert Comment

by:prashsax
ID: 16954466
You can also use fport to see what all applications are listening on ports.

http://www.foundstone.com/knowledge/proddesc/fport.html

It could be some malware/spyware ot could be Automatic Windows Update client trying to access the windows site.

You will be sure of it, only after capturing packets and then comparing the traffic with the processes running.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 16954942
Numerous installed applications can cause this such as Windows update, Virus update, QuickTime, even some printers such as Lexmarks, however the frequency of activity and the fact that there must be sufficient volume to slow the network, is suspicious. First I would run at a command line:
 netstat  -abn
Look through the first list of "ESTABLISHED" connections. Below each of these it will show the application making the connection such as [Outlook.exe] see if any of these are suspicious or unknown.
If nothing shows up there, I would run a full virus scan, and download and run Ewido anti-spyware from http://www.ewido.net/en/download/ 
Note Ewido is a great tool but quite ruthless, if you have any P2P or downloader programs it will probably remove them.........which is a good thing.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 16

Expert Comment

by:The--Captain
ID: 16955160
>Problem:  Two of the work stations have activity on the little monitor symbol
>in the bottom tray.  The activity is approx. every 5 sec. for approx. 1 sec.

That is *not* a reliable network diagnostic tool, period.

>This activity makes the network slow and intermittent.

You cannot draw that conclusion from the goofy system tray icons.

Use your firewall or router to monitor your network traffic, if you don't have a managed switch/hub.

Cheers,
-Jon
0
 
LVL 4

Expert Comment

by:mattbcs
ID: 16955743
Sounds like good old netbios (AKA WINS) traffic on those two machines.

Perhaps someone forgot to disable lmhosts?
0
 
LVL 11

Expert Comment

by:knoxzoo
ID: 16955832
Download and install DUMeter (www.dumeter.com) and use it to monitor the bandwidth used by the machines in question.  If it's what I suspect it is, you'll see less than 2k pop up about once every 5-10 seconds.  That's just XP checking to see if anyone else is around, and letting others know it's around.  The slow and intermittent thing sounds more like the cards are on the edge of the viable signal path, or are receiving interference from another nearby access point on the same channel.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 16966410
>Sounds like good old netbios (AKA WINS) traffic on those two machines.

>Perhaps someone forgot to disable lmhosts?

Who knows?  Could be anything if all you're using is system tray icons.

To everyone who keeps suggesting host-based monitoring tools:

How is that going to work if the network is switched?

Answer:

It's not, unless the software is installed on *every* machine - while this may work for a network of 5 machines, it's still more work than simply monitoring the edge device (which is where the bottleneck is anyway), and is utterly unscalable.

Monitor the edge device - if it can't be monitored, spend more than $10 on edge device.

Cheers,
-Jon
0
 
LVL 1

Expert Comment

by:Wrathyimp
ID: 16981681
use DUmeter
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 16982083
Wrathyimp,

Did you even read my post (and its relevant concerns)?  You do realize that you are simply duplicating previous advice without giving credit?

>>To everyone who keeps suggesting host-based monitoring tools:

>>How is that going to work if the network is switched?

>use DUmeter

Ridiculous.

Cheers,
-Jon

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16984877
Thanks RFIGOR,
--Rob
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question