
The Incoming Vs Outgoing Traffic


8 replies to this topic

#1 th4u


Posted 27 February 2007 - 03:55 PM

Just recently (after my old USB modem stopped functioning) I bought and installed a new ADSL Firewall Router Modem Netgear DG834. No other changes were made to the system.

My question is about the strange relation of Sent vs Received traffic.
In my normal browsing, I definitely receive much more traffic than I send out. And with the old USB modem this was shown correctly.
Now the traffic is showing as follows (which is supposed to be the exact opposite):
Packets Sent: 19,672
Packets Received: 8,337

I have checked my system with the HijackThis < http://www.bleepingcomputer.com/forums/ind...mp;#entry462318 > and was advised to open a new topic in the Networking.

My system specs are as follows:
--
OS - Win XP Pro SP2 and IE v.7
CPU - AMD Athlon 64 X2 3800+ @ 2000MHz
MB - ASUS A8N-SLi Premium w/(2x1024) 2GB Corsair DDR 400MHz
HDD - 300GB Seagate Barracuda 7200.9 16MB SATA-II NCQ
VGA - ASUS eXtreme Nvidia GeForce N6600GT 128MB DDR3
PSU - CoolerMaster Real Power 550W
Case - CoolerMaster Centurion 532
--
In addition to this, I am running COMODO Firewall Pro, and a NVIDIA Firewall that comes with my MB. I am also running Kaspersky Anti-Virus and lots of Anti-Spyware programs.

After installing the Netgear ADSL Router DG834, I have not noticed any abnormalities in my system, other than the disparity of incoming vs outgoing traffic.



#2 fozzie


Posted 27 February 2007 - 05:26 PM

Can you please post a screenshot of what is running when your computer is on? I have gone over your log and I see a lot (and I mean a lot) of programs which could be the culprit. (CTRL ALT DEL and make a screenshot like this

#3 th4u


Posted 28 February 2007 - 05:03 AM

Here are my screenshots:


(seven posted images)



#4 fozzie


Posted 28 February 2007 - 06:07 AM

OK Thanks. This is going to take a while. There are a lot of processes which I don't know and I have to figure out what they are doing.

#5 th4u


Posted 28 February 2007 - 06:39 AM

Thanks fozzie, I appreciate your efforts.

I did some searching on the following line (in my HijackThis log):

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

It brought some pages:

http://www.google.com/custom?domains=www.t...A1%3B&hl=en

http://www.castlecops.com/o9list-190.html

http://support.microsoft.com/kb/914440

Not sure though, how helpful that data could be.

Edited by th4u, 28 February 2007 - 07:01 AM.


#6 fozzie


Posted 28 February 2007 - 07:49 AM

An immediate question comes up:

Can you see in your firewall which process is sending this info?

Secondly: If you shut down all Google related processes, is that still the same?

#7 th4u


Posted 28 February 2007 - 08:16 AM

Posted Image

Re: "Can you see in your firewall which process is sending this info?"
Please clarify your question.

Re: "If you shut down all Google related processes, is that still the same?"

Yes, I think so. The two reasons are:
1. Google related processes were there when I was using my old USB modem, and at that time the Received traffic was twice as big as the Sent one.
2. Just as soon as I start my PC, I see that now (when I don't have to establish a connection manually) the Sent traffic is twice as big as the Received.

#8 fozzie


Posted 28 February 2007 - 08:24 AM

Kaspersky is the bad guy (avp.exe). He is sending out stuff to third parties?
Let me look around and find out why.

Edited by fozzie, 28 February 2007 - 08:35 AM.


#9 fozzie


Posted 28 February 2007 - 02:38 PM

I have asked some of the experts over here, and they informed me as follows:

I did note the OP said

I am running COMODO Firewall Pro, and a NVIDIA Firewall

Running multiple software firewalls on a single computer can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction.


A search was done through the Kaspersky forums, and similar incidents happened where AVP.exe was sending, at random, larger packets to various, randomly chosen IP numbers

http://forum.kaspersky.com/lofiversion/index.php/t6242.html
http://forum.kaspersky.com/lofiversion/index.php/t5672.html

I did a search on the IP at Sam Spade and had the following results


72.14.255.103
216.69.176.182
203.17.84.82
209.85.167.104

Perhaps you can tell whether these websites mean anything to you (except for Google of course)

My suggestion would be to:

1) turn off the NVIDIA firewall
2) uninstall the Kaspersky firewall and re-install it to see whether it is doing the same. If it is maintaining this behavior (and Kaspersky is NPF (Not Paid For)) I would change over to Zone Alarm
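
Added example, not part of the thread or any poster's code: the question raised in post #6 (which process is sending the traffic) can be answered on Windows from `netstat -ano`, which lists each connection with its owning PID. The Python sketch below groups external peers by PID from such output; the sample output, PIDs and addresses are constructed (remote addresses use documentation ranges).

```python
from collections import defaultdict
import ipaddress

# Constructed sample of `netstat -ano` output (PIDs and addresses are made up;
# remote addresses come from the documentation ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1024
  TCP    127.0.0.1:1110         127.0.0.1:1391         ESTABLISHED     2140
  TCP    192.168.0.2:1391       192.0.2.10:80          ESTABLISHED     3312
  TCP    192.168.0.2:1402       198.51.100.7:443       ESTABLISHED     2140
  TCP    192.168.0.2:1403       198.51.100.7:443       TIME_WAIT       0
  TCP    192.168.0.2:1410       203.0.113.25:80        ESTABLISHED     2140
  UDP    0.0.0.0:1900           *:*                                    1180
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def remote_peers_by_pid(netstat_output):
    """Map PID -> sorted list of external 'ip:port' peers with a live TCP session."""
    peers = defaultdict(set)
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows have 5 fields (proto, local, foreign, state, pid).
        # UDP rows have no state column and no peer, so they are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        addr, port = split_endpoint(fields[2])
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        except ValueError:
            continue  # malformed row
        if ip.is_loopback or ip.is_unspecified:
            continue  # loopback sessions never leave the machine
        peers[int(fields[4])].add(f"{ip}:{port}")
    return {pid: sorted(p) for pid, p in peers.items()}

if __name__ == "__main__":
    for pid, remotes in sorted(remote_peers_by_pid(SAMPLE).items()):
        print(pid, remotes)
```

Each PID in the result can be matched to an image name with `tasklist` or the PID column in Task Manager.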



