Hi,
I just did a full 65k port scan with all good results. I ran two spyware programs with no hits but tracking cookies. I’m running antivirus now, getting [and anticipating] no hits.
The problem is that my network icon’s been lit up for at least an hour. Packets seem to be changing hands about the same rate as during the port scan. 56k sent, 61k received right now. I restarted the computer when I first noticed this and the network was immediately active before I even logged back on [judging by looking at the router].
How can I tell where this traffic is going?
…antivirus just finished with no hits. The hard drive light is NOT coming on. The network lights ARE on [4k more packets since last count above].
Thanks to all!
B

A full port scan is the way to start, and no open ports is a great start, but it still does not mean that you are secure, so you
Hi,
I have: Windows XP SP2 Tablet always updated with latest patches.
Network-Realtek RTL8169/8110 Family gigabit ethernet NIC
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
QoS Packet Scheduler
Internet Protocol [tcp/ip]
Windows XP firewall with default settings
D-Link DI604 router/hardware firewall
AVG Free always updated and run daily
Spybot S+D frequently updated w/ TeaTimer
Ad-Aware SE updated and run daily w/ Ad-Watch
Windows Defender
Wireless disabled [separate icon w/ red x]
Other computer on network is Win 98 and seems unaffected [router light quiet]
Thanx!
B
Wow B, you have a nice arsenal of protection there!
The parts that scare me are the file and print sharing. I always disable these. Also, in your Local Area Connection Properties, go to TCP/IP Properties, Advanced, WINS and make sure that NetBIOS over TCP/IP is disabled, unless, of course, you are using the services.
I’ll bet when we look at the data going across the wire, we’ll find that it’s a program communicating with the net, be it an antivirus update, Microsoft, or something else.
The packet sniffer I use is Wireshark and it’s 100% free. This was originally Ethereal, but there were some issues with the developers and the majority of them started Wireshark.
Wireshark will show you EXACTLY what is coming and going on your computer. At first it may seem intimidating, but you’ll find it’s not really hard to use.
When you run it, click Capture and you’ll see a list of interfaces. Pick the one that has packets moving across it, then select options, put in a filename to write the packets to, then click ‘Update list of packets in real time’ (if you want to see it as it’s happening) and select start.
With this packet sniffer, you can break down the packet and see the data inside, who it’s going to, the protocol used and much more.
When you see your network light going crazy, then fire up Wireshark and capture a few minutes of data, then send me the file and I’ll tell you what’s going on.
Regards,
Jim.
How do I send files {.pcap}?
The upload mgr won’t let me, and the print screen is too large…
Meanwhile I found: Anicommu–a Japanese animal shelter Blog
Wistron–a Japanese communication company
over and over in the capture screen. ?!.
Links from google:
Translated version of ht tp: //anicommu.blog19.fc2.com/
::::: Wistron :::::
Thanx!
B
Wow, those are some very strange sites! Glad to hear Wireshark worked for you as planned.
I can’t wait to look at the packets and learn more. If something is on your system and managing to avoid all your security measures, then it’s probably on a lot of other systems as well!
ZIP up those packets and then send them to me. I’ll PM you with details.
Regards,
Jim.
Reports are emailed.
Activity continues NONSTOP.
Turning off when not in use…
Thanks again!
B
Good news! I checked out your packets and all appears to be well!
The traffic is UPnP traffic from your 9x computer to your D-Link router. You’ll notice that TCP port 2869 is being used, which is the preferred port for UPnP communication.
Think of UPnP traffic as HTML; your computer and the router are discussing Universal Plug and Play information. To stop this traffic, go into your router and disable UPnP.
You can also turn off services that use UPnP in Windows by clicking on Start, Run, and typing
Sorry about sending another file—When the post moved to this section I stopped getting e-mail notifications.
I’m tickled to see that no one is in my pc!
Thanks for doing so much research for me!
B
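For readers asking the same "where is this traffic going?" question, here is an added example (not from either poster) that tallies a saved capture by conversation and labels the UPnP port identified above. It assumes a classic little-endian .pcap with Ethernet framing; the addresses and frames in the sample are constructed.

```python
import io, socket, struct
from collections import Counter
# 2869/tcp is the UPnP port named in the thread; 1900/udp is SSDP discovery.
KNOWN = {("tcp", 2869): "UPnP", ("udp", 1900): "SSDP (UPnP discovery)"}

def summarize_pcap(stream):
    """Tally bytes per (src, dst, proto, dst_port) from a classic pcap stream."""
    head = stream.read(24)
    if len(head) < 24 or head[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack("<I", head[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    flows = Counter()
    while len(rec := stream.read(16)) == 16:
        caplen, origlen = struct.unpack("<II", rec[8:16])
        frame = stream.read(caplen)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # skip IPv4 header including options
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        if proto is None or len(frame) < l4 + 4:
            continue  # not TCP/UDP, or ports not captured
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        flows[(src, dst, proto, dport)] += origlen
    return flows

def top_talkers(flows, n=5):
    # Largest conversations first, with a label for ports listed in KNOWN.
    return [(k, b, KNOWN.get((k[2], k[3]), "unlabelled")) for k, b in flows.most_common(n)]

def _frame(src, dst, proto, dport, payload_len):
    # Constructed minimal Ethernet+IPv4 frame; only the fields the parser reads are set.
    ip = (bytes([0x45, 0]) + struct.pack("!H", 24 + payload_len) + bytes(5)
          + bytes([proto, 0, 0]) + socket.inet_aton(src) + socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + bytes(payload_len)

def build_sample():
    """Constructed capture: three UPnP-port frames and one DNS query (made-up addresses)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [("192.168.0.101", "192.168.0.1", 6, 2869, 200)] * 3
    frames.append(("192.168.0.100", "192.168.0.1", 17, 53, 40))
    for args in frames:
        f = _frame(*args)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for key, nbytes, label in top_talkers(summarize_pcap(io.BytesIO(build_sample()))):
        print(key, nbytes, label)
```

To use it on a real capture, pass `open("capture.pcap", "rb")` to `summarize_pcap`; conversations that come back "unlabelled" with large byte counts are the ones to open in Wireshark first.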