Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Excessive Sent Packets


  • Please log in to reply
5 replies to this topic

#1 yatobe5052

yatobe5052

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 10 March 2007 - 09:41 PM

Dell Dimension 4550, 2.4Ghz, 512 ram, XP Home SP/2, Zone Alarm, Command Antivirus.
Computer runs slower than when new. Sometimes doing the simplest thing seems to take longer than it should.
Then I noticed I continually have excessive sent packets compared to received packets when checking my local area connection status. After rebooting, numbers are reset to zero and increment equally while logged on. If computer is put into standby mode (idle status) the sent packets are excessive when checked after a while. Presently at 17+billion / 16k (sent / received packets) after 2 days since last reboot. I have checked for updated drivers for my network card (Intel PRO/100 VE) but it appears that I already have the latest driver, removed driver and reloaded anyways. Have checked startup list and see nothing out of the ordinary for programs running in the background. Ran Ad-aware, Spybot, and antivirus, all with latest def files. Could I have some hidden software trying to send info? I know there is nothing actually leaving because the numbers of sent packets increase even when I have the cable disconnected from the network. I'm looking for any help before I just format and start over. Would a Hijackthis log help?
Determined but frustrated..........

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:01:39 PM

Posted 11 March 2007 - 09:19 AM

Check to see if your resident firewall has a usable "packet log." This would indicate what applications are sending these out. It may be simply a matter of polling, especially if you keep your computer connected to the internet during standby mode.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 yatobe5052

yatobe5052
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 11 March 2007 - 12:05 PM

jgweed,
Thanks for the reply. My firewall log shows blocking of only incoming entries. Would I be correct in assuming sent packets are originating from my computer? Besides, I get the same results if I disconnect the high speed cable from the wall. I see nothing else in the log that would account for my problem. Do you know of some other way to log background activity when idle? When active, everything seems normal (sent/receive packets increase approximately equally), except sometimes computer is slow. What exactly did you mean by polling? Did you mean from the outside in or my computer trying to send info out?
Thanks for any other suggestions or direction, Tom

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:01:39 PM

Posted 11 March 2007 - 07:54 PM

Your computer will, even if you are not doing anything, from time to time send a packet to the ISP server to see if there is data to be transmitted, or just to say "hello I'm still here."

"Presently at 17+billion / 16k (sent / received packets)"
Are you certain of the figures? Is the billion the number of bytes or the number of packets?

What firewall are you using?

Regards,
John

Edited by jgweed, 11 March 2007 - 07:55 PM.

Whereof one cannot speak, thereof one should be silent.

#5 yatobe5052

yatobe5052
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 12 March 2007 - 11:39 AM

The local area connection status screen says packets. I could send a screeshot if you want. But either way, if it's bytes then the received numbers don't make a lot of sense. I'm looking more at the fact that there is such a discrepancy between the two, sent and received. I tried a few other things and rebooted my network controller. Everything is pretty stable when online, sent and received increased moderately (1 to 2k each) then went into standby mode with all internet activity blocked in Zone Alarm. After a half hour of standby time the local area connection screen showed 4+billion sent and 6k received.
I'm using Zone alarm (free version). I do see quite a few instances of Chinese IP addresses in the log but they are all blocked as incoming. The log shows nothing at times when I'm not on the computer, so I can't see anything that is happening when in standby.
I've seen my problem (Google "excessive sent packets") come up now and again on other boards but there never seems to be a definitive answer as to what's happening. SP/2 was supposed to correct some idle time problem (didn't help mine), someone suggested reloading driver for network controller (didn't help either).......
Computer is still usable but very frustrating to not know what is causing this. Other machines I look at don't exhibit this condition.
Other ideas?.........
Thanks for your time up to this point, Tom

#6 yatobe5052

yatobe5052
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 28 March 2007 - 05:53 PM

As a follow up to my original problem of excessive packets sent in the local area connection status screen.................checking an article on the Microsoft knowledge base site (article #317751), I noticed they called out two dll files and stated to make sure the file version attributes were 5.1.2600.28 or later. Checking my file version, I noticed mine are 5.1.2600.2180. Which one of these are the latest file........ .28 or .2180? Every site I check for downloading dll files have the .2180 file. If this is the earlier file version, where can one get the .28 file? I guess my other question would be.....is there some convention as to what the version numbers mean? ( I have one of these files in my I386 folder that is a 5.1.2600.1106 file version with a comment in parentheses mentioning xpsp1. I'm wondering if the last number group starts with 1 then it's SP1 and if it starts with 2 then it's SP2....... or is this just a coincidence?)
I just hate the unknown..........if you dig deep enough there's always a reason for things.
Can anyone clear up my confusion?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users