?
Solved

network activity

Posted on 2011-10-04
17
Medium Priority
?
334 Views
Last Modified: 2013-11-22
hello,

i experience a slow internet without apparent reason, so i installed commview and saw internet activity on different  IP's

what do you recommend in this case?  i already ran MBAM, and have AVG free running - no problems detected
0
Comment
Question by:nobus
  • 7
  • 6
  • 2
15 Comments
 
LVL 5

Assisted Solution

by:hax1
hax1 earned 1600 total points
ID: 36909643
hi,

try installing netmeter (http://readerror.gmxhome.de) and see how much traffic is actually happening, because requests go out to all different ip addresses all the time, so this won't mean much.

Also try www.speedtest.net after a reboot to see if your connection is really slow.

also double check you don't have any file sharing programs running in your network (utorrent etc.) as they tend to upload a load, unless you cap them.

best regards.
0
 
LVL 93

Author Comment

by:nobus
ID: 36915320
i installed netmeter, see the graph during work
i am a bit concerned that my pc could be hijacked  - any way to chekc that
netgraph.png
0
 
LVL 5

Expert Comment

by:hax1
ID: 36915345
not a lot of activity, so no doesn't look like anything is wrong (the spikes probably come from you loading a website)

you can install hijackthis (http://free.antivirus.com/hijackthis/) and post the output here, and I'll have a look if anything harmful might be running... (hijackthis is a program that looks for running proccesses and outputs a log)
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
LVL 93

Author Comment

by:nobus
ID: 36915595
i am worried about all the sites showing with commview during work on EE  -see pic

commview.png
0
 
LVL 5

Accepted Solution

by:
hax1 earned 1600 total points
ID: 36915653
no need to worry, all webservers and stuff like that (everytime you load a webpage multiple connections have to be made ... f.e. google is in there, as well as experts exchange etc.) -> just try typing the ip addresses in your webbrowser and see what loads.

the connections pretty much don't say anything, so don't worry.

my computer nowhas at least 10 times as many connections open ... and I'm not hacked ;-)

every image on a webserver, skype, every ad, etc. equals a connection ...

if you want to be more secure that you haven't been hacked do a hijackthis scan, and post your log or input it into some website that analyizes those logs like www.hijackthis.de
0
 
LVL 93

Author Comment

by:nobus
ID: 36916192
hijackthis is clean
but the activity does not happen always; but when it hâppesn, i saw the internet acivivty led on my router flashing...
0
 
LVL 5

Assisted Solution

by:hax1
hax1 earned 1600 total points
ID: 36916223
every website you open, every program that runs in the background that requires internet connection (from skype, to windows itself with components like windows update, every other program that checks for an update, the time synchronization etc.) is making your routers internet led flash. don't worry, this is normal and has nothing to do with an infected pc.

you are running an av and hijackthis is clean, and there is no abnormal network activity, so your pc is very very very probably clean, so stop worrying :-)
0
 
LVL 5

Expert Comment

by:hax1
ID: 36916242
and if you are still worried try pinpointing the source when the network connectivity happens (use the resource monitor to chech which processes are responsible for the packets being sent ..) but I bet it's something harmless, like windows update, or java update, or very probably even skype that's using your pc as a supernode to route somebody else's file or call ...
0
 
LVL 93

Author Comment

by:nobus
ID: 36917482
that can be - but i would like someone elses opinion also
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 36921204
I would recommend you to download TCPView which would tell you which process is connecting to the which IP addresses. So if all the legit process then you should not be worried about. You may want to post the screenshot of the TCPVIew Window after running if in doubt.

http://technet.microsoft.com/en-us/sysinternals/bb897437

Sudeep
0
 
LVL 93

Author Comment

by:nobus
ID: 36922683
ok here the log :
tcplog.txt
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 400 total points
ID: 36945696
I see Skype been used, it could be the cause of the network spike.

Skype.exe      2980      TCP      nobus64-PC      http      nobus64-PC      0      LISTENING                                                            
Skype.exe      2980      TCP      nobus64-PC      https      nobus64-PC      0      LISTENING                                                            
Skype.exe      2980      TCP      nobus64-PC      32305      nobus64-PC      0      LISTENING                                                            
Skype.exe      2980      TCP      nobus64-pc.wl-359      49166      109.160.30.48      1418      ESTABLISHED      1      2      1      2                                    
Skype.exe      2980      UDP      nobus64-PC      https      *      *                                                                  
Skype.exe      2980      UDP      nobus64-PC      32305      *      *                                                                  
Skype.exe      2980      UDP      nobus64-PC      55052      *      *            1      1      1      1                  

Sudeep
0
 
LVL 93

Author Comment

by:nobus
ID: 36947066
i'll uninstall it to test Sudeep
0
 
LVL 5

Expert Comment

by:hax1
ID: 36947158
as I said before, it's probably just skype using your pc as a supernode (routing calls trough you), especially if your pc is running a lot that's very probable, skype does it to me all the also, there used to be a setting where you could turn it off, but I'm not sure if it's functional anymore.

http://forum.skype.com/index.php?showtopic=814803
0
 
LVL 93

Author Closing Comment

by:nobus
ID: 36972512
since nothing more came in i'm closing this ticket
thanks to hax, and sudeep for the info and help!
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question