Massive Amounts of Network Packets / Traffic


TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
27-Jun-2011, 12:09 AM #1
Massive Amounts of Network Packets / Traffic
Sup? 1st-time Techyguy.org user, long-time PC abuser,

Got my gf a Dell XPS17. Being a long-time user of XP (it will die a legend), I am not fond of "new advances", as they can sometimes create more holes than they fill. One big reason I am already not a fan of Windows 7 is that while some things have improved, other things have gotten worse. By far this is the worst problem:

In XP my duration online can be 1-2 days, for example, and would barely hit a million or a million and a half packets for sent and outgoing individually. With the same exact setup in Windows 7, what takes days in XP I experience in about 1 hour in Windows 7! As of right now there are over 19 million outgoing packets! Similar for received, and I had just repaired/refreshed the settings! What gives?? I have searched online and came up pretty dry on this. I am hoping I'm not the only one with this issue on the machine.

Before you suggest it, I'm not a n00b, but I could have overlooked some things. I have already run a Spybot Search & Destroy scan and a Windows Security Essentials scan to no avail. I'm fairly certain the system is clean.

By the way, it has an Intel 1000BGN internal adapter, but I have it disabled and am using an Alfa AWUS036h b/g adapter. The router is a Netgear N300 WNR2000v2. It is experiencing very low speeds, 1-5.5 and usually a stable 11 Mbps. I believe this network traffic is causing both the low speeds and random but frequent limited access / disconnections.

Please advise!
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
27-Jun-2011, 12:12 AM #2
Additional info: I heard about NetLimiter and gave it a try. I like it better than Wireshark because it is more user-friendly and also tells you what program or service is responsible for the specific traffic in question. Using it only confirmed my suspicions, because the apps running barely use any bandwidth. I have also changed Windows Update from automatically download and install to ask me before doing either, and this has had no effect on the packets sent or received. I didn't bother to turn it off completely after that result.

Mind you, sent packets are moving the fastest despite nothing running in the foreground. I don't get it.. how can a network monitor that is supposed to see all traffic not display what's obviously flowing through? (I am witnessing this / going by what is shown in the status window.) I can post a link to 2 videos for comparison between my XP laptop and the XPS Win 7 x64 (Home Premium I believe) laptop if anyone doesn't believe the difference. Almost exact same setup, just different OSes.. I am stumped as to why..
fairnooks. Account Disabled with 5,251 posts. Joined Oct 2007. Experience: Advanced
27-Jun-2011, 12:50 AM #3
I just checked both my routers and they're both sitting between two and two and a half million packets in/out; but I don't know what the default timeframe is for that; 24 hrs?

I have a bleepload of systems, both XP and Win7, online all the time, so 19 million is impressive, and like you said, you're monitoring programs, so it can't be something like an online backup program or online gaming or an extra-CPU-cycles project to fold proteins or something... it's a good mystery. : )
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
27-Jun-2011, 01:00 AM #4
It climbs so fast.. here's a link to what my XP is like on a typical normal day:

http://goo.gl/EBzRt

I'll try to record the Win7 one ASAP to show what I'm dealing with. Just to be sure, there isn't a way in Win7 to use the default Windows Zero Configuration utility for my Alfa adapter, is there? I know in XP I can do it but can't find it in 7. If it is possible, is it recommended to do that, or is disabling the internal one and using Alfa's utility the proper way to go about it? It has me a little confused, because the status for Windows shows full everything (54/5) while, for example, the Alfa will show 11mb only. I don't know where it gets its reading.
TerryNet. Moderator with 66,463 posts. Joined Mar 2005, Ottawa, IL
27-Jun-2011, 12:18 PM #5
Do you get the same problem with an ethernet connection or just with Wi-Fi?

If the problem does not occur with ethernet please attach a screen shot of the Networks page of the Xirrus Wi-Fi Inspector.
jiml8. Member with 2,634 posts. Joined Jul 2005. Experience: I've been at this for too long.
27-Jun-2011, 12:54 PM #6
Windows 7 calls home A LOT. However, I doubt it calls home enough to account for all the traffic you are describing.

For myself, I have identified and blocked the following Microsoft URLs that Windows 7 calls:

sudo iptables -I FORWARD -s 172.16.187.0/24 -d activation.sls.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d sls.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d www.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d spynet2.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d spynettest.sls.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d content.windows.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d windows.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d logging.windows.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d www.msftncsi.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d msnhst.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d wwwco1vip.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d crl.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d watson.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d watson2.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d watson3.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d watson4.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d watson5.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d watson6.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d officewatson.officeupdate.microsoft.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d 64.4.0.0/16 -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d 65.52.0.0/16 -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d cds90.sjc9.msecn.net -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d time.windows.com -p all -j DROP
sudo iptables -I FORWARD -s 172.16.187.0/24 -d cds39.sjc9.msecn.net.microsoft.com -p all -j DROP
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
27-Jun-2011, 04:57 PM #7
Sup guys. @TerryNet: I am unable to do a hard-wired connection, but I am in the process of doing a couple of things about it. I am receiving help on this from 1 other forum and will be sure to post the progress and attempts here as well, for all to see the inevitable solution/conclusion, for anyone experiencing this in the future.

@jiml8: Great info, buddy. It's info like that I was looking for. Much appreciated. I will post a progress report as soon as I can.
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
28-Jun-2011, 07:21 PM #8
So initially I was only going by Task Manager (Network tab), which didn't show what I most definitely found in Resource Monitor, which came with Windows 7. In addition, Safe Mode didn't stop this either, and I ignorantly assumed that if McAfee hadn't found it and wasn't the cause, and the firewall wasn't already blocking it, AND MSE didn't find anything, then it must not be a virus/malware. I overlooked it, and that's my fault for jumping all around to conclusions; I hadn't considered that it could have been malware that was trusted onto the system already. Word to the wise: always work in order and in steps. heh.

So basically I told my gf that if it's not the router and not the adapter (after a ton of troubleshooting) it has to be a virus/malware (only a virus or malware could ever cause such a headache, usually), but I guess if you know women (or any PC amateur) you know they can be kind of careless and not tell you everything. Never give the benefit of the doubt when it comes to an amateur and a PC, lol. She used to have a popular store in SL and basically had downloaded a couple of MMORPGs? games tied with Aion and GamersFirst, and this horrific malware called Pando Media Booster that was either used for updates to Aion or to try other games. She chalked it up to *nerd guilt*.

Here's some info I found about PMB.exe:

"Not only is Pando Media Booster a bandwidth leech/thief, it also causes probs for web devs.
Chances are that if you run a webserver (for development or whatever) on your work/gaming machine, after installing PMB it will claim port 80 (and 443), causing your webserver to shut down.
"Pando Media Booster uses standard ports for communication that are open by default with the majority of firewalls"
Is that for a stealthy install and/or running a sneaky distributed webserver farm?!
For such a drastic effect, don't you think there should be a warning when installing this software?
It's a thinly veiled virus and nothing more."

*Update: PMB.exe is tied to a game called APB.

Here's the video of my XP status again

http://goo.gl/EBzRt

Now a 3m video of status on the problematic Win7 machine:

http://goo.gl/aercx

Is that not pretty massive? At least in comparison to XP?

Here's the resource monitor pic:

http://goo.gl/GF6XP

Haha immediately it's like uhh what's that doing there..

Here's a Netlimiter pic:

http://goo.gl/uoI8m

That's when I noticed the GamersFirst thing. I don't know if it's obvious why I missed it at first, considering in NetLimiter it didn't look as threatening as in the RM. All has been uninstalled, including junk toolbars and the whole ADP game. Also got rid of some Akamai Accelerator thing that I didn't trust. Ran StartupCPL and noticed one app that starts on startup with absolutely no name or directory, and unchecked a few other unnecessary things. Unfortunately, after a reboot it's still disconnecting, so I am looking for any traces or similar malware, specifically in msconfig/services.msc. Is ESET capable of finding things like this automatically and removing it? I thought MSE was able to do it, but I guess not. I'm gonna try SpyDoctor via Google Pack and see what it gets. It's a shame Spybot didn't find it.

*Update: Instead of SpyDoctor I gave MalwareBytes a try, since it is 1/10th of the size of SD and the connection speed is lacking on wifi. After fully updating it, it only turned up 1 infection, which was something in the recycle bin and has been quarantined, so no luck really there. I wanna note that when connected to AT&T's MiFi the laptop doesn't d/c anymore. It still shows high traffic, but marginally less than before. Some things do seem faster and more open after eliminating Pando. Something still isn't right. I can feel it.

To sum up the network issues I am currently dealing with:

- Random D/Cs and slow speeds on the main network, randomly and sometimes every few minutes, and only able to connect to it (54mbps/4 bars) with the Alfa (b/g-only adapter). The internal can barely detect it, and if it does it sits @ 1mbps-5.5 waiting to d/c. On the MiFi network I am able to connect with both adapters and it is stable now. No issues there.
- High Network Traffic
- Internal adapter unable to detect the network, and therefore I can't utilize N speeds. (ISP is Comcast.) Router is configured fairly properly.. NAT is open, not secured. 300mbps max. Channel 1, no interference. inSSIDer shows nearly every other local network fighting on 6 or 11. I thought it would have solved it, considering it was on 6 before, but no dice. MMS on. MTU back to 1500. WPA2-PSK [AES] (was initially on WPA2-PSK [AES] + [TKIP]).

Unfortunately I am unable to test a hard-wired connect currently.

Last edited by TheWhiteKnight; 29-Jun-2011 at 01:45 PM. Reason: to make less "episodic"
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
28-Jun-2011, 07:29 PM #9
There still seems to be something hogging the bandwidth and the rate increase is very high. I do not see anything else that explains it.

I have disabled RDC in Add/Remove Programs features, and have also manually disabled Auto-Tuning in netshell. There wasn't an immediate improvement, as I think this affects local network traffic speed more than internet. I have yet to reboot following the changes and will report if it made a difference.

Adapter settings are set to automatically obtain IP address and DNS server, and there is no proxy set in Internet Options; it is automatic as well. Still the internet is very slow, and sometimes I am unable to even perform a speedtest at Speedtest.com.

Please advise. I am going to attempt a TCP/IP reset in CMD.
jiml8. Member with 2,634 posts. Joined Jul 2005. Experience: I've been at this for too long.
28-Jun-2011, 08:27 PM #10
This is too hard to understand. You toss around too many abbreviations that are not immediately obvious and seem to have started in the middle with your explanations. Also, you toss in "updates". The result is episodic and looks like working notes rather than a complete narrative.

To find out who's talking on your LAN, open a command shell window and, as an administrator, type in this line:

netstat -abov 1 >connectfile.txt

and let it run for awhile. Once a second, the netstat command will write out what connections are being made or are established, and will write that out to the file connectfile.txt. After awhile, hit Ctrl-C to stop the command, then use WordPad to look at the file connectfile.txt.
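The file that command produces is one netstat listing per second, each starting with an "Active Connections" header, so after half an hour it is thousands of lines and hard to read in WordPad. The script below is an added example, not code from the post, that reads such a file and reports, per owning executable, how many distinct remote hosts it was seen talking to, which local TCP ports it was listening on, and how many socket lines it accounted for across all snapshots. The netstat excerpt embedded in it is constructed in the `netstat -abo` layout with RFC 5737 addresses to mimic the port 80/443 listener described in the quoted Pando text; it is not a capture from the machine in the thread.

```python
"""Summarise who is talking from a Windows host, from saved netstat output.

Input: the file written by `netstat -abo 1 >connectfile.txt` (as admin).
-a lists every socket, -b prints the owning executable in brackets on the
line after each socket, -o adds the PID column, the trailing 1 repeats the
listing every second, so the file holds many snapshots.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# "  TCP    192.168.1.10:49170   203.0.113.5:80   ESTABLISHED   3120"
# UDP lines have no State column, so that group is optional.
_SOCKET_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")
_OWNER_RE = re.compile(r"^\s*\[(.+?)\]\s*$")           # " [PMB.exe]"
_NO_PEER = {"0.0.0.0:0", "*:*", "[::]:0"}             # unconnected sockets


@dataclass
class Socket:
    proto: str
    local: str
    foreign: str
    state: Optional[str]
    pid: int
    owner: str = ""            # filled from the [exe] line that follows


def parse_netstat(text: str) -> List[Socket]:
    """Parse every socket line and attach the owner named on its [exe] line."""
    sockets: List[Socket] = []
    pending: List[Socket] = []      # sockets still waiting for an owner line
    for line in text.splitlines():
        m = _SOCKET_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            sock = Socket(proto, local, foreign, state, int(pid))
            sockets.append(sock)
            pending.append(sock)
            continue
        m = _OWNER_RE.match(line)
        if m:
            for sock in pending:
                sock.owner = m.group(1)
            pending = []
    for sock in sockets:            # netstat could not name the owner
        if not sock.owner:
            sock.owner = f"pid {sock.pid}"
    return sockets


def host_of(endpoint: str) -> str:
    """'203.0.113.5:80' -> '203.0.113.5'; '[::1]:80' -> '[::1]'."""
    return endpoint.rsplit(":", 1)[0]


@dataclass
class OwnerSummary:
    peers: Set[str] = field(default_factory=set)       # remote hosts
    listening: Set[str] = field(default_factory=set)   # local TCP listeners
    seen: int = 0                                      # socket lines counted


def summarize(sockets: List[Socket]) -> Dict[str, OwnerSummary]:
    summary: Dict[str, OwnerSummary] = defaultdict(OwnerSummary)
    for s in sockets:
        entry = summary[s.owner]
        entry.seen += 1
        if s.proto == "TCP" and s.state == "LISTENING":
            entry.listening.add(s.local)
        if s.foreign not in _NO_PEER:
            entry.peers.add(host_of(s.foreign))
    return dict(summary)


def ranked(summary: Dict[str, OwnerSummary]) -> List[Tuple[str, OwnerSummary]]:
    """Most talkative first: by distinct peers, then by how often it appeared."""
    return sorted(summary.items(), key=lambda kv: (-len(kv[1].peers), -kv[1].seen))


# Constructed sample in `netstat -abo` layout: two one-second snapshots,
# RFC 5737 addresses.  Not a capture from the machine in the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3120
 [PMB.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       808
 [svchost.exe]
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       3120
 [PMB.exe]
  TCP    192.168.1.10:49170     203.0.113.5:80         ESTABLISHED     3120
 [PMB.exe]
  TCP    192.168.1.10:49171     203.0.113.9:443        ESTABLISHED     3120
 [PMB.exe]
  TCP    192.168.1.10:49180     198.51.100.20:443      ESTABLISHED     2044
 [iexplore.exe]
  UDP    192.168.1.10:58230     *:*                                    3120
 [PMB.exe]

Active Connections

  TCP    192.168.1.10:49190     203.0.113.77:80        ESTABLISHED     3120
 [PMB.exe]
  TCP    192.168.1.10:49170     203.0.113.5:80         ESTABLISHED     3120
 [PMB.exe]
"""

if __name__ == "__main__":
    for owner, info in ranked(summarize(parse_netstat(SAMPLE_NETSTAT))):
        print(f"{owner:20} peers={len(info.peers):3} seen={info.seen:4} "
              f"listening={sorted(info.listening)}")
```

To use it on a real capture, replace SAMPLE_NETSTAT with the contents of connectfile.txt (for example `open("connectfile.txt").read()`); the executable at the top of the ranking, and anything listening on 80 or 443 that is not a web server you installed, is where to look first.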
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
29-Jun-2011, 01:42 PM #11
Come on, it's not that hard. I totally disagree with that assertion. You make it sound like I'm foreign or completely incapable of communication. I am being pretty thorough in reporting what I have done, and if you compare my posts to how others typically comment in threads, I don't think you would be so perfectionist about it. I only put 2 updates, one of which was an update on where the pmb.exe came from exactly (APB is the name of the game, and I do not play MMORPGs, so I do not know about them); and the other a progress report about a simple malware scan I ran. I don't know what abbreviations you are having trouble with, since you did not list any.

D/C = Disconnect
RDC = Remote Differential Compression

Besides that, thank you for that other command line. I will run it and post the results after "awhile" - whatever that means. 10m? 3hrs? I'll shoot for 30m-1hr.

Also, today I was staring at both network status windows when I noticed in Windows 7 it says "Bytes:", not "Packets" like in XP.. ha ha, I suppose that explains the difference in the rate of traffic?

If so, at least the situation helped me get rid of some problematic malware. I am still experiencing slow downloads/browsing on the machine and random/frequent disconnections, but that seems to be tied to one specific network using the N300 WNR2000v2 router. I have recently done a TCP/IP stack reset, which seems to have helped, but the issue remains with that connection.
jiml8. Member with 2,634 posts. Joined Jul 2005. Experience: I've been at this for too long.
29-Jun-2011, 01:51 PM #12
I am the one reading it; I told you what I thought. If you don't agree, I don't care. If it continues in the same vein I just won't bother reading it.

It's very simple, really.
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
29-Jun-2011, 02:09 PM #13
lol What's your problem? "If you don't agree, I don't care." - Now ask me if I do.

I don't know if you feel some entitlement on this site or something, but you need to get off your high horse. You sound bitter, and with that attitude I don't have to be any more thorough than I already am. And no sir, you are not the only one reading it. I think the present 138 views will vouch for that, of which you seem to be the one complaining about what really isn't even a problem. I think you are really overestimating your value here, as I am not helpless and at your mercy, although I think your ego would like that. Keep your baseless opinions and accusations to yourself, please; if you don't have something positive/productive to add, then leave the thread to those that will.

It's very simple, really.

P.S. I apologize to everyone else for this detracting sidebar.
fairnooks. Account Disabled with 5,251 posts. Joined Oct 2007. Experience: Advanced
29-Jun-2011, 02:29 PM #14
I probably would have recovered the system by now; if there's something I can't figure out in about 3 hours (roughly the same time as a recovery and reinstall of programs and accounts would take), my time is worth more than continuing to try and figure it out. A more effective way is to reinstall and then add back one thing at a time and test until the problem is either located again or it just never returns. Philosophical viewpoint, not written in stone.... some problems are more interesting than others.
TheWhiteKnight (thread starter). Member with 99 posts. Joined Jun 2011, Pennsylvania. Experience: Advanced
29-Jun-2011, 02:38 PM #15
Yeah, you're right, but for me it would actually take about a half to a full day to have things set back up the right way, with settings and all, especially if you count the backup time. Out of curiosity, what are your top backup choices?

Nothing like a fresh install.. I definitely employ that strategy in specific situations, but actually the problem is fairly resolved now and seems to be isolated to this router. I'm gonna give Dell a call and get a recovery CD just in case I ever need it.
Tags: alfa awus036h, intel 1000 bgn, network, packet, traffic
