Why Excessive Network Activity When System is Idle (Windows XP)

Paul Tilson

I recently installed Windows XP professional on my home PC. I have a cable
connection through a local cable company. When I click on the icon to show
the local area connection, the number of bytes received is always large and
continually growing at a pace of about 300 bytes each time it changes. This
happens even though nothing is going on in my system.

At first I thought I had some spyware doing something and I reformatted the
hard disk and reloaded XP. Before I loaded anything else, I checked the
network activity. Sure enough the bytes downloaded grow steadily even though
I don't have anything running. There is nothing else loaded on the PC. The
bytes uploaded remain constant unless I run IE or some other program that
uses the network.

Question: Is this normal for XP? If so, what is it doing?

I had Windows 2000 professional on my PC before going to XP, and it didn't
do this. If nothing was going on, the bytes downloaded would stay the same.

Is this an XP thing?

Paul.
 
Steve Winograd [MVP]

"Paul Tilson" said:
I recently installed Windows XP professional on my home PC. I have a cable
connection through a local cable company. When I click on the icon to show
the local area connection, the number of bytes received is always large and
continually growing at a pace of about 300 bytes each time it changes. This
happens even though nothing is going on in my system.

At first I thought I had some spyware doing something and I reformatted the
hard disk and reloaded XP. Before I loaded anything else, I checked the
network activity. Sure enough the bytes downloaded grow steadily even though
I don't have anything running. There is nothing else loaded on the PC. The
bytes uploaded remain constant unless I run IE or some other program that
uses the network.

Question: Is this normal for XP? If so, what is it doing?

I had Windows 2000 professional on my PC before going to XP, and it didn't
do this. If nothing was going on, the bytes downloaded would stay the same.

Is this an XP thing?

Paul.

XP's automatic update feature downloads updates from Microsoft
silently in the background. The Service Pack 2 update is quite large.

To see what programs are accessing the Internet, install a firewall
program like ZoneAlarm.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Paul Tilson

I have Windows XP Service Pack 2 and all of the updates loaded on my PC,
therefore there should not be any downloading going on. To prove this I
check my disk space, as the internet activity is going on, and nothing is
being saved to my disk. The space used stays the same over a 30 minute
period but the bytes downloaded go up by the megabytes. I don't think that
the activity is caused by Windows downloads.

Thanks for the advice to install ZoneAlarm, but I am using the Windows
firewall and hoped to not have to install another firewall program. Is there
anything else that can show me the activity that is built into Windows XP?

Thanks,

Paul
 
Eric Cross [MVP]

Greetings Paul,

Nothing in the Windows Firewall will monitor and control anything outbound.
A third party firewall like ZoneAlarm will monitor and control anything that
is trying to access the Internet.


_____________
Eric Cross
Microsoft MVP (Windows Networking)
http://mvp.support.microsoft.com
 
Chuck

I recently installed Windows XP professional on my home PC. I have a cable
connection through a local cable company. When I click on the icon to show
the local area connection, the number of bytes received is always large and
continually growing at a pace of about 300 bytes each time it changes. This
happens even though nothing is going on in my system.

At first I thought I had some spyware doing something and I reformatted the
hard disk and reloaded XP. Before I loaded anything else, I checked the
network activity. Sure enough the bytes downloaded grow steadily even though
I don't have anything running. There is nothing else loaded on the PC. The
bytes uploaded remain constant unless I run IE or some other program that
uses the network.

Question: Is this normal for XP? If so, what is it doing?

I had Windows 2000 professional on my PC before going to XP, and it didn't
do this. If nothing was going on, the bytes downloaded would stay the same.

Is this an XP thing?

Paul.

Paul,

You should expect a certain level of unsolicited incoming traffic, that's not
directed at you personally. Address resolution (ARP) broadcasts, and probes by
infected computers broadcasting their infections to the world as a whole, are
normal. If you're otherwise protected, you're safe.

The XP Local Area Connection Status applet will show you the volume of this
unsolicited traffic. I'm curious why your Windows 2000 applet didn't indicate
the same volume, but believe me, the volume is there. You do need to protect
yourself though.

With a cable broadband connection, you will have a lot of neighbors who may not
adequately protect their computers. And if you're unprotected, their computers
may infect yours. A layered protection strategy is necessary in this case.
Each layer is necessary because no layer produces complete protection.

A NAT router is the first layer in a good layered defense. A NAT router "acts
as a firewall" in that it passes only requested traffic back to the computer
that requested it.

See <http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html>

One NAT router protects your entire LAN. If you have only one computer, it
protects that computer.

The second layer is a software firewall, or a port monitor like Port Explorer
(free) from <http://www.diamondcs.com.au/portexplorer/index.php?page=home>. See
various discussions in comp.security.firewall for good advice on choosing a
firewall. A software firewall can selectively block incoming or outgoing
traffic, and a port monitor can at least let you know what's going on.

The third layer is good software, also on each computer. This layer has
multiple components.

AntiVirus protection. Realtime, plus a regularly scheduled virus scan.
Regularly updated. AV protection is not all that's needed today.

Adware / spyware protection. Realtime, plus a regularly run adware / spyware
scan. Regularly updated.
Complete instructions, using Spybot S&D and HijackThis (both free) are here:
<http://forums.spywareinfo.com/index.php?showtopic=227>.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

The fourth layer is common sense. Yours. Don't install software based upon
advice from unknown sources. Don't install free software, without researching
it carefully. Don't open email unless you know who it's from, and how and why
it was sent.

The fifth layer is education. Know what the risks are. Stay informed. Read
Usenet, and various web pages that discuss security problems. Check the logs
from the other layers regularly, look for things that don't belong, and take
action when necessary.
 
Lance

Paul Tilson thought carefully and wrote on 12/14/2004 8:08 PM:
I have Windows XP Service Pack 2 and all of the updates loaded on my PC,
therefore there should not be any downloading going on. To prove this I
check my disk space, as the internet activity is going on, and nothing is
being saved to my disk. The space used stays the same over a 30 minute
period but the bytes downloaded go up by the megabytes. I don't think that
the activity is caused by Windows downloads.

Thanks for the advice to install ZoneAlarm, but I am using the Windows
firewall and hoped to not have to install another firewall program. Is there
anything else that can show me the activity that is built into Windows XP?

Thanks,

Paul

You can turn on Windows Firewall logging. Maybe that'll give you a clue
of where those bytes are coming from.

Go to Control Panel, Windows Firewall, Advanced tab. In the Security
Logging section click on the "Settings" button to set up logging.

FirelogXP is a really simple log analyzer that will help sort the log
entries:
http://www.2brightsparks.com/freeware/freeware-hub.html

Lance
*****
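
Added example (not part of the original posts): a small Python summarizer for the log that Windows Firewall writes once "Log dropped packets" is enabled, showing which protocols, ports and source addresses account for the idle inbound bytes. The sample lines are constructed using documentation-range addresses, and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the W3C-style layout of pfirewall.log (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-12-14 21:54:01 DROP TCP 192.0.2.17 198.51.100.23 4312 445 48 S 1884567 0 64240 - - -
2004-12-14 21:54:03 DROP UDP 192.0.2.44 198.51.100.255 137 137 78 - - - - - - -
2004-12-14 21:54:04 DROP TCP 192.0.2.17 198.51.100.23 4313 135 48 S 1884999 0 64240 - - -
2004-12-14 21:54:09 OPEN TCP 198.51.100.23 203.0.113.80 1045 80 - - - - - - - -
2004-12-14 21:54:10 DROP ICMP 192.0.2.90 198.51.100.23 - - 92 - - - - 8 0 -
2004-12-14 21:54:12 DROP UDP 192.0.2.44 198.51.100.255 137 137 78 - - - - - - -
2004-12-14 21:54:15 CLOSE TCP 198.51.100.23 203.0.113.80 1045 80 - - - - - - - -
"""

def parse_firewall_log(text):
    """Return one dict per entry, keyed by the names on the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                records.append(dict(zip(fields, values)))
    return records

def summarize_drops(records, top=5):
    """Total dropped inbound bytes, grouped by (protocol, port) and by source."""
    by_service, by_source, total = Counter(), Counter(), 0
    for r in records:
        if r["action"] != "DROP":
            continue  # OPEN/CLOSE entries are connections this PC made itself
        size = int(r["size"]) if r["size"].isdigit() else 0
        # ICMP has no ports, so group it by ICMP type instead.
        port = r["dst-port"] if r["dst-port"] != "-" else "type " + r["icmptype"]
        by_service[(r["protocol"], port)] += size
        by_source[r["src-ip"]] += 1
        total += size
    return {"bytes": total,
            "services": by_service.most_common(top),
            "sources": by_source.most_common(top)}

if __name__ == "__main__":
    # To analyze a real log, read the file's text and pass it in instead.
    print(summarize_drops(parse_firewall_log(SAMPLE_LOG)))
```

A summary dominated by broadcast name-service packets and scattered probes of ports 135 and 445 from many different addresses matches the unsolicited background traffic described in this thread.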
 
Lance

Lance thought carefully and wrote on 12/14/2004 9:54 PM:
You can turn on Windows Firewall logging. Maybe that'll give you a clue
of where those bytes are coming from.

I should add a warning that you'll probably be shocked at the amount of
incoming traffic you see. The traffic you see is probably normal.

Lance
*****
 
