Was I a zombie?
February 16, 2006 6:11 AM Subscribe
A rule of thumb for volume of sent / received data during internet surfing?
So, after my computer got back from repairs it was not fully set up for security and I started surfing... after an hour or so, I saw a really high ratio: sent about 16mb, received about 3mb, this with no uploading or anything on my part.
Turned on windows firewall, then saw it drop in next session to about a 1:1 sent / recieved ratio... but this still seems very high, doesn't it? All I should be sending are the requests for pages, some confirmation that it is coming in...
As a general rule, what sort of sent / received ratio would be "normal", if you are ONLY surfing the net? Was I zombified, and contributing to DOS attacks etc during that first session? How worried about this should I be?
So, after my computer got back from repairs it was not fully set up for security and I started surfing... after an hour or so, I saw a really high ratio: sent about 16mb, received about 3mb, this with no uploading or anything on my part.
Turned on windows firewall, then saw it drop in next session to about a 1:1 sent / recieved ratio... but this still seems very high, doesn't it? All I should be sending are the requests for pages, some confirmation that it is coming in...
As a general rule, what sort of sent / received ratio would be "normal", if you are ONLY surfing the net? Was I zombified, and contributing to DOS attacks etc during that first session? How worried about this should I be?
Response by poster: Follow up question:
Is there some easy way (a log, or something?) to see exactly what traffic I am sending where?
posted by Meatbomb at 6:49 AM on February 16, 2006
Is there some easy way (a log, or something?) to see exactly what traffic I am sending where?
posted by Meatbomb at 6:49 AM on February 16, 2006
Best answer: Ethereal will capture and let you examine every packet that comes and leaves your PC (and lets you filter and color them to make that a reasonable thing to do).
posted by mendel at 7:21 AM on February 16, 2006
posted by mendel at 7:21 AM on February 16, 2006
Yes, that seems very high. Have you scanned it for spyware?
posted by bshort at 8:07 AM on February 16, 2006
posted by bshort at 8:07 AM on February 16, 2006
I agree with paulsc - experience tells me 1:10 is about right
posted by falconred at 8:32 AM on February 16, 2006
posted by falconred at 8:32 AM on February 16, 2006
You can get a quick idea of what's going on by opening a Command Prompt and running the 'netstat' command. This'll show you your computer's active connections: what IP address you're connected to, and which port.
For instance, I just opened google.co.uk, and running netstat immediately afterwards showed something like:
netstat has a few other options; run 'netstat -h' to see more info.
posted by chrismear at 11:34 AM on February 16, 2006
For instance, I just opened google.co.uk, and running netstat immediately afterwards showed something like:
Proto Local Address Foreign Address State TCP murray:1100 216.239.59.99:http ESTABLISHEDThis tells me that my computer (called 'murray') is connected to 216.239.59.99 (a Google server) on its http port (the port that's used for connecting to web servers).
netstat has a few other options; run 'netstat -h' to see more info.
posted by chrismear at 11:34 AM on February 16, 2006
b1tr0t, his ratio is the other way around: 16:3, not 3:16.
posted by mendel at 6:23 AM on February 17, 2006
posted by mendel at 6:23 AM on February 17, 2006
Best answer: Have you tried Netlimiter Monitor? It'll tell you which application's doing what traffic-wise.
posted by d-no at 4:04 PM on February 17, 2006
posted by d-no at 4:04 PM on February 17, 2006
This thread is closed to new comments.
Windows XP SP2, Firefox 1.0.7 (mostly)
posted by paulsc at 6:21 AM on February 16, 2006