Hello All, I am hoping someone can figure out how, when offline, the PC continues to send packets in mass amounts? In 9 hours, only online for 30 minutes total with the PC on, it tried to send 9 billion 387 million and a few 100 thousand packets. Received 20,900. I feel like "Radio Free Europe" is inside the PC broadcasting. The PC continues to send packets online or not as long as I don't restart the machine, then the packet count starts all over again.

| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1232 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1229 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1225 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1218 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1234 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1235 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1231 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1244 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1236 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1243 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1247 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1249 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1250 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1251 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1268 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1252 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1265 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1269 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1261 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1262 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1267 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1271 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 4 | TCP | 0.0.0.0 | 445 | 0.0.0.0 | 0 | LISTENING | --- | --- |
| SYSTEM | --- | 4 | TCP | 64.83. | 139 | 0.0.0.0 | 0 | LISTENING | --- | --- |
| SYSTEM | --- | 4 | TCP | 0.0.0.0 | 1028 | 0.0.0.0 | 0 | LISTENING | --- | --- |
| SYSTEM | --- | 4 | UDP | 64.83. | 137 | *.*.*.* | * | LISTENING | --- | --- |
| SYSTEM | --- | 4 | UDP | 64.83. | 138 | *.*.*.* | * | LISTENING | --- | --- |
| SYSTEM | --- | 4 | UDP | 0.0.0.0 | 445 | *.*.*.* | * | LISTENING | --- | --- |
| vsmon.exe | 21:55 22/05/2003 | 168 | TCP | 0.0.0.0 | 1035 | 0.0.0.0 | 0 | LISTENING | 0/0 | 0/0 |
| ccapp.exe | 21:53 22/05/2003 | 456 | TCP | 127.0.0.1 | 1029 | 0.0.0.0 | 0 | LISTENING | 0/0 | 0/0 |
| mozilla.exe | 21:54 22/05/2003 | 624 | TCP | 127.0.0.1 | 1031 | 127.0.0.1 | 1030 | ESTABLISHED | 0/0 | 68/61 |
| mozilla.exe | 21:54 22/05/2003 | 624 | TCP | 127.0.0.1 | 1030 | 127.0.0.1 | 1031 | ESTABLISHED | 68/68 | 0/0 |
| mozilla.exe | --- | 624 | TCP | 0.0.0.0 | 1031 | 0.0.0.0 | 0 | LISTENING | --- | --- |
| mozilla.exe | --- | 624 | TCP | 127.0.0.1 | 1030 | 0.0.0.0 | 0 | LISTENING | --- | --- |
| lsass.exe | 21:53 22/05/2003 | 728 | UDP | 0.0.0.0 | 500 | *.*.*.* | * | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 916 | TCP | 0.0.0.0 | 135 | 0.0.0.0 | 0 | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 916 | UDP | 0.0.0.0 | 135 | *.*.*.* | * | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 1016 | TCP | 0.0.0.0 | 1025 | 0.0.0.0 | 0 | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 1016 | UDP | 0.0.0.0 | 1026 | *.*.*.* | * | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 1016 | UDP | 64.83. | 123 | *.*.*.* | * | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 1016 | UDP | 127.0.0.1 | 123 | *.*.*.* | * | LISTENING | 0/0 | 0/0 |
| svchost.exe | 21:53 22/05/2003 | 1172 | UDP | 0.0.0.0 | 1027 | 64.83. | 53 | LISTENING | 20/810 | 19/3283 |
| svchost.exe | 22:04 22/05/2003 | 1172 | UDP | 0.0.0.0 | 1161 | 64.83.223.3 | 53 | LISTENING | 3/122 | 3/301 |
| svchost.exe | 22:04 22/05/2003 | 1172 | UDP | 0.0.0.0 | 1162 | 64.83.22 | 53 | LISTENING | 16/655 | 16/2071 |

Here is the log tonight.

Thanks,
David
Hi,

How are you seeing the traffic counts? The data shown there sent and received is low, nowhere near the high numbers you have given. You should take a screenshot of the statistics you are seeing so we can all see. If you can, have Port Explorer in the background, and save the table again as you have done above.
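Added example, not part of any post in this thread: a short Python script that totals the counters in a Port Explorer-style table and attributes the PID 0 TIME_WAIT rows to whichever process is listening on the same local port. The rows are copied from the first post; the column names and the reading of the last two columns as sent and received are assumptions, since the pasted table has no header.

```python
from collections import Counter

# Subset of rows copied from the first post (truncated IPs kept as posted).
SAMPLE = """\
SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1232 | TIME_WAIT | --- | ---
SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1035 | 127.0.0.1 | 1229 | TIME_WAIT | --- | ---
SYSTEM | --- | 4 | TCP | 0.0.0.0 | 445 | 0.0.0.0 | 0 | LISTENING | --- | ---
vsmon.exe | 21:55 22/05/2003 | 168 | TCP | 0.0.0.0 | 1035 | 0.0.0.0 | 0 | LISTENING | 0/0 | 0/0
mozilla.exe | 21:54 22/05/2003 | 624 | TCP | 127.0.0.1 | 1031 | 127.0.0.1 | 1030 | ESTABLISHED | 0/0 | 68/61
mozilla.exe | 21:54 22/05/2003 | 624 | TCP | 127.0.0.1 | 1030 | 127.0.0.1 | 1031 | ESTABLISHED | 68/68 | 0/0
svchost.exe | 21:53 22/05/2003 | 1172 | UDP | 0.0.0.0 | 1027 | 64.83. | 53 | LISTENING | 20/810 | 19/3283
svchost.exe | 22:04 22/05/2003 | 1172 | UDP | 0.0.0.0 | 1161 | 64.83.223.3 | 53 | LISTENING | 3/122 | 3/301
svchost.exe | 22:04 22/05/2003 | 1172 | UDP | 0.0.0.0 | 1162 | 64.83.22 | 53 | LISTENING | 16/655 | 16/2071
"""

# Assumed column names; the table in the post carries no header row.
FIELDS = ("proc", "created", "pid", "proto", "laddr", "lport",
          "raddr", "rport", "state", "sent", "recv")

def parse(text):
    """Yield one dict per well-formed 11-column row; skip anything else."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == len(FIELDS):
            yield dict(zip(FIELDS, cells))

def first_count(cell):
    """First number of an 'a/b' counter cell; '---' (no data) counts as 0."""
    head = cell.split("/")[0]
    return int(head) if head.isdigit() else 0

def summarize(text):
    rows = list(parse(text))
    # Map (protocol, local port) -> process that holds the LISTENING socket.
    listeners = {(r["proto"], r["lport"]): r["proc"]
                 for r in rows if r["state"] == "LISTENING" and r["pid"] != "0"}
    sent, time_wait_owner = Counter(), Counter()
    for r in rows:
        sent[r["proc"]] += first_count(r["sent"])
        if r["state"] == "TIME_WAIT":
            owner = listeners.get((r["proto"], r["lport"]), "unknown")
            time_wait_owner[owner] += 1
    return sent, time_wait_owner

if __name__ == "__main__":
    sent, tw = summarize(SAMPLE)
    print("first 'sent' counter per process:", dict(sent))
    print("TIME_WAIT rows by listening process:", dict(tw))
```
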
I think he means in the window log or file log he is seeing millions of log attempts.

David, do you have any applications open which continuously poll for an internet connection? I.e., maybe some app is trying to see if it can connect to a server over and over again?

-Jason-
See the related thread with additional background information here: https://www.wilderssecurity.com/showthread.php?t=9487

My original thought was that this was the network connectoid window where it lists sent and received packets. If it was a log file - 9 billion plus attempts logged in a few hours would seem to be impossible for a disk file to handle.

I remember a few months ago seeing a user with a similar problem at DSLR. Their network connection window was showing 10s or 100s of billions of packets being sent in just a couple hours. Thoughts at the time were running along the lines of a bad connectoid, but no resolution was ever posted, and that thread is now long gone from the forum (DSLR archives out old threads, I believe).
David, I think you mean those svchost processes at the bottom, right? In PE, right-click on such a process and it will tell you what it is. If you're not connected to the internet, the outside IP address should not be possible, unless it was your own permanent IP, but even then! You can look with the Socket Spy to see what the packets are. Maybe your music player wanting access to the internet, or a live updater for your virus scanner, some agent detecting your availability on the internet, that kind of thing.