Identifying mystery broadband activity

[bob2005 0]

Just got broadband and there is quite a lot of activity on the line even when I'm just reading a webpage. I can understand a little constant hand-shaking to the server, but this is quite a lot. Is there anything that can tell me which program/process is causing this?

[PattayaPete 527]

It could be lots of things. Now you are on broadband its a good idea to set up a good fire wall and run all the spyware finders like ad aware.

[bob2005 0]

I have antivir, spybot, ad-aware, spyware blaster and a few cleaners, keep them up-to-date and run them after every session. I have been infected in just 3-4 days, hardly ever before on dial-up.

 

But I would like to id the mystery traffic. Surely Windows knows what process sent a packet to be 'internet'ed'.

[Soi7 1]

I use the free Version of Zone Alarm and it works fine keeping shit off my computer

[MrMango 664]

I use the free Version of Zone Alarm and it works fine keeping shit off my computer

I have fond that a hardware router is the best firewall. You can monitor your connection, even if your computer is off line, and most can give you a detailed printout of all activity.

[Soi7 1]

I have fond that a hardware router is the best firewall. You can monitor your connection, even if your computer is off line, and most can give you a detailed printout of all activity.

 

I have my Computer on and On line always never turning it off and have never in six months had a problem but then again I use Firefox instead of IE and I am sure that helps as well.

[wagger 0]

Sygate Personal Firewall s a free applcaton to download and seems to gve me good protecton. It also gives comprehensve info about actvity and connections in real time.

[upena 2]

and better to use Mozilla Firefox than Internet Explorer

[jtiger 9]

Your machine isn't directly connected to the ISP's server machine. Instead your machine is connected to a segment of network on which other customers are also connected as well as the ISP's machine. Thus you will also see traffic that was broadcast to all machines connected to this segment of network.

 

In particular you're probably seeing lots of ARP packets. ARP stands for Address Resolution Protocol. Your machine has a unique 48 bit address called a MAC address as well as a 32 bit IP address assigned by your ISP. Packets sent over the network wire are addressed using the MAC address however packets arriving from over the internet are addressed using the IP address. The ISP's server machine, having received a packet addressed to an IP address has to figure out what the MAC address is of the machine at that IP address on the network segment. It does this by broadcasting the question to all machines on the network segment: "Whoever is assigned IP address A.B.C.D please le me know, signed the server machine". This packet is seen by every machine and causes the little lights to blink on all the modems. One machine responds "I'm at IP address A.B.C.D and my MAC address is G.J.K.L.M.N.O". Then the server machine can send the packet.

The server does save the IP to MAC knowledge for a while.. but not too long..

 

However, some of the packets are from bad guys trying to break into and take over your computer. You need a firewall these days if your computer is connected to the internet.

Edited February 1, 2006 by jtiger

[bob2005 0]

Thanks to all. Yes I use Firefox, except when a site requires IE. How can a guy get to be the richest in the world by producing rubbish. The ARP was most interesting, thanks jtiger.

 

I was relying on the XP firewall but it kept turning off (many discussions about this on tech forums) but have now put in the Kerio firewall, which might fool the probers, and it tells me in/out internet activity.

[mykl 72]

Just to add my $0.02. I xp if you press ctrl+alt+del it will bring up the task manager. This will tell you what applications are running and what processes are active.

[Taltos 7]

Bob2005. Even though you are running all those programs they might not detect anything

 

You can run a program called Hijack this.

http://www.majorgeeks.com/download3155.html

 

Run it and there are sites who will go over the list and help you with anything not wanted.

 

Even though Microsoft is not my favorit company their antispyware is quite good and found some shit the other did not.

[bob2005 0]

xp if you press ctrl+alt+del it will bring up the task manager. This will tell you what applications are running and what processes are active.

Yes, it was the Networking tab of TM showing mystery activity that started me looking at this situation.

 

Hijack this. Run it and there are sites who will go over the list and help you with anything not wanted.

Can you give me a link please ?

[Taltos 7]

Sure, might take a little time as I have to run through my Favorites for it and I got a lot.

 

When I noticed this first it was those phone calls programs that were the proplem. Even though I had said no they had never the less put self on my computer. I only noticed when I was only on Domestic servers I would notice through Costawer that the computer was making International calls if you understand my meaning. The Microsoft Antispuware took care of that.

[Taltos 7]

http://castlecops.com/

 

Bob. Here is one forum at least.

 

And just fond another.

 

http://forums.spywareinfo.com/index.php?showforum=18

 

You just have to read through what to do.

 

There is a course one thing for you to do. Format. I do that on my internet computer at least once a year, I have 4 computers wich actually sounds more impressive than it is. That might be your last resort.

Edited February 3, 2006 by Taltos

[bob2005 0]

Thank you.