PE not showing traffic

If this is already covered somewhere else in the forum ... sorry in advance.

I was doing some maintenance of things when I noticed something that bothered me.

I'm using 'Bandwidth Monitor' to track throughput to/from my server PC (home lan), it also shows the current total speeds in and out. I noticed that it was showing traffic thru my NIC when I wasn't expecting any. I opened up PE and clicked on the 'ALL' tab, and according to PE there were no processes that showed any traffic under the 'Sent' or 'Received' columns. They were all at 0.00KB/s. Also the 'Window Log' area didn't have any activity, while the link light on my switch was flashing away. I traced it back to my roommate's PC (by pulling Cat5 cables), he was watching a video file.

What worries me is that PE didn't show any traffic for an active transfer of data. What if his machine gets infected w/ a trojan (again) and they start leeching off my network thru him.

'Hide Netstat Sockets' is disabled
Refresh is set to 1 second
'Reduce Memory Usage' is enabled

Thanks in advance,
Al

 

Hi freaky al, Port Explorer can only see what is happening between you and your network / router.

If you want to see all of the outbound connections including those of other users then you will need to view your Router's logs, which may be adequate but quite often give minimal information.

There are certain routers that can use add in logging programmes which can monitor all connections and that run from just one PC such as Wall Watcher.

HTH Pilli

 

PE shows all the 'svchost.exe' & '* SYSTEM' stuff from my server PC to my roommate's PC. I am talking about his connections to my server within the lan, I realize PE won't monitor his connections to the outside world without it being installed on his PC, or the use of a sniffer on the lan.

Bandwidth Monitor is installed on the server PC, PE is on the server PC, BW Mon shows traffic on the server's NIC, PE shows no active traffic to/from the server PC.

thx for the reply ... I'm sorry I wasn't clear enough.

 

There is always traffic between the router and connected devices, these may not be TCP or UDP packets but others such a ICMP:
http://www.freesoft.org/CIE/Topics/81.htm

HTH Pilli

 

Gotcha ... time to RTFM

No worries ... thx,
Al

 

I was under the impression that ICMP was only for configuration messaging. Coping/moving/viewing files from one pc to another over a lan under windows is supposed to be done via TCP ... am I wrong?

 

Yes, ICMP is a control protocol used for PING and other configuration messages.
File transfer is usually done over TCP or UDP.
Windows usually uses TCP ports 139/445 and UDP ports 138/445 for "File & Printer Sharing"

 

So I'm not mistaken then when I expect to see an established socket connection of some form (TCP or UDP) with speeds and incrementing totals in PE for a file transfer over a windows lan, from say 192.168.1.100 to 192.168.1.101?

 

Just a thought, When you see th 0.00KB in the Sent Received columns then the totals do not show unless you widen the columns by default the totals do not show in an unwidened column.

Pilli

 

I run a dual 1600x1200 desktop ... so there is plenty of real estate. I can see both the speeds and (totals) in the same column.

Would the above described transfer be a 'svchost' or 'SYSTEM' process?