Lots of Network Activity

[Guest]

I have Windows XP Pro installed on my laptop and notice that I have
continuous network activity when I am logged into my work domain or using my
home network. I run SpyBots S&D and Norton Anti-virus, plus I run Ad-Aware
periodically. I removed several programs in ADD/REMOVE PROGRAMS, but I cannot
determine what all the activity is from. I am sure that our IT Staff would be
happy to reformat the hard drive for me, and reinstall MS applications, but
is there a way to monitor the actual network activity on my laptop to see
what is sending and receiving all that data?

 

[Chuck]

I have Windows XP Pro installed on my laptop and notice that I have
continuous network activity when I am logged into my work domain or using my
home network. I run SpyBots S&D and Norton Anti-virus, plus I run Ad-Aware
periodically. I removed several programs in ADD/REMOVE PROGRAMS, but I cannot
determine what all the activity is from. I am sure that our IT Staff would be
happy to reformat the hard drive for me, and reinstall MS applications, but
is there a way to monitor the actual network activity on my laptop to see
what is sending and receiving all that data?

Jim,

You can use TCPView (free from SysInternals) to identify programs active with
network connections.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#TCPView>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#TCPView

But if you want to identify the volume producers, you'll need something like
Port Explorer, which will track each network connection by bytes in and out, and
let you sort the tracking list by either figure. Port Explorer has a trial
version that's free; the paid version even has a mini packet analyser.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS

 

[Guest]

Hello Chuck. I think you meant Process Explorer. And I appreciate your reply.
Since my original post, I have install ZoneAlarm, and although it is an
uphill battle to get it set up in my domain-based environment here at the
college, it has stopped the activity. It seems that one of the culprits was
System mechanic which phones home a LOT. Also, since I am at a state
university, I get scanned a lot, particularly from China and Korea. That is
now also blocked.

Thanks so much for your help. I also recommend going to Tom Coyote's help
site and using Hijack this. But make sure that when it is used, you do NOT
delete anything until someone more knowledgeable about the registry looks at
the hijack this log first.

Regards, Jim Darrough

 

[Chuck]

Hello Chuck. I think you meant Process Explorer. And I appreciate your reply.
Since my original post, I have install ZoneAlarm, and although it is an
uphill battle to get it set up in my domain-based environment here at the
college, it has stopped the activity. It seems that one of the culprits was
System mechanic which phones home a LOT. Also, since I am at a state
university, I get scanned a lot, particularly from China and Korea. That is
now also blocked.

Thanks so much for your help. I also recommend going to Tom Coyote's help
site and using Hijack this. But make sure that when it is used, you do NOT
delete anything until someone more knowledgeable about the registry looks at
the hijack this log first.

Jim,

Please read my articles more completely. Port Explorer provides a list of open
ports, and shows the bandwidth and volume of traffic in each port. That's how
you will find processes, on your computer, abusing your bandwidth.

HijackThis will find processes by their static traces (registry keys etc). Port
Explorer finds processes by network activity. Process Explorer finds processes
by their system activity, and has a network activity graph, but Process Explorer
does not do network activity analysis like Port Explorer.