Too Much Information
July 28, 2006 8:57 AM

Why is my computer sending and receiving so many bytes of information in such a short amount of time?

I recently noticed that right after I boot up (XP), the Local Area Connection status indicated that I have sent 1,500 bytes and received 5,000 bytes. And the numbers just keep getting higher from there even though I am not browsing---after about 2 hours I am logging about 14,000,000 bytes received and 5,000,000 sent. In the past I never have seen the numbers in this vicinity. What is going on here, and how can I fix it? Is it a virus or something?
posted by Maishe to Computers & Internet (13 answers total)
 
Run netstat -a from the command line, and paste the output here.
posted by orthogonality at 9:00 AM on July 28, 2006


This is interesting. If your machine had been compromised, you'd be sending way more than you'd be receiving. But your send rates are pretty high if you're just grabbing patches off of Windows Update.

netstat -abn output would indeed be helpful.
posted by effugas at 9:06 AM on July 28, 2006
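
The triage that the `netstat -abn` suggestions above point toward, as an added example that is not part of the original thread: it parses the output and lists, per owning executable, the ESTABLISHED connections that leave the LAN. The sample text, its addresses and the executable names are constructed, and the layout (a socket row followed by a `[name.exe]` line) is assumed.

```python
import ipaddress
import re
# Constructed sample in the usual `netstat -abn` layout; not output from the poster's machine.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.25:80        ESTABLISHED     1488
  [updater.exe]
  TCP    192.168.1.10:1050      192.168.1.20:445       ESTABLISHED     4
  [System]
  TCP    192.168.1.10:1061      198.51.100.7:6881      ESTABLISHED     2210
  [unknown.exe]
  UDP    0.0.0.0:123            *:*                                    1020
  [svchost.exe]
"""

ROW = re.compile(r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
                 r"(?:\s+(?P<state>[A-Z_]+))?(?:\s+(?P<pid>\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_netstat(text):
    """Return one dict per socket row; a following [name.exe] line names its owner."""
    conns = []
    for line in text.splitlines():
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            conns.append({**row.groupdict(), "owner": "?"})
        elif owner and conns:
            conns[-1]["owner"] = owner.group(1)
    return conns

def is_external(endpoint):
    """True when the remote host is outside loopback, link-local and RFC 1918 ranges."""
    try:
        addr = ipaddress.ip_address(endpoint.rsplit(":", 1)[0].strip("[]"))
    except ValueError:  # "*" on unconnected UDP sockets
        return False
    local = addr.is_loopback or addr.is_unspecified or addr.is_link_local
    return not local and not any(addr in net for net in LAN)

def external_by_owner(conns):
    """Map each owning executable to its ESTABLISHED remote endpoints outside the LAN."""
    out = {}
    for c in conns:
        if c["state"] == "ESTABLISHED" and is_external(c["remote"]):
            out.setdefault(c["owner"], []).append(c["remote"])
    return out

if __name__ == "__main__":
    print(external_by_owner(parse_netstat(SAMPLE)))
```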


Second running netstat. Sounds like you may have a virus/worm/trojan. Or maybe just some adware but that'd be some serious adware...
posted by jckll at 9:06 AM on July 28, 2006


Or maybe just a filesharing program that starts on boot. (eg. bittorrent, with some torrents downloading?)
posted by inigo2 at 9:14 AM on July 28, 2006


Windows Update?
posted by GuyZero at 9:15 AM on July 28, 2006


Or the Java auto-updater? Or the Adobe Acrobat auto-updater? Or your virus program's auto-updater?

etc.
posted by GuyZero at 9:15 AM on July 28, 2006


WinXP automatically sets the time-of-day clock on bootup by visiting a time server owned by Microsoft.
posted by Steven C. Den Beste at 9:42 AM on July 28, 2006


Also remember, these numbers are bytes - that's that you've sent just 1.5Kb of information somewhere and received 5Kb back on start-up. With TCP headers and IP overheads, that's not a lot of data really.
posted by benzo8 at 10:10 AM on July 28, 2006


Another thought - is there another computer on your network? These numbers don't seem out of range for Microsoft's badly implemented version of a periodic netwide broadcast...
posted by benzo8 at 10:46 AM on July 28, 2006


benzo8: Au contraire
posted by jckll at 12:01 PM on July 28, 2006


There are a multitude of background processes that could send and receive data. Assuming that you're infected is a course into hilarity--do your scans, but if nothing comes up, enable your next-to-useless software firewall, relish in your new 'security' and go about your business.
posted by cellphone at 12:40 PM on July 28, 2006


If you really want to see what each and every one of those bytes are, just run Ethereal (now called Wireshark.) It will show you the contents of every packet coming and going from your computer. But you have to be somewhat knowledgeable about network protocols to make sense of it. My guess is that it is all benign stuff -- DHCP, automatic updates, latest-version checks, NTP, etc. You should also run a program like sysinternals' AutoRuns that shows you what is being run at startup just to rule out the presence of some kind of malware server or unknown app.
posted by Rhomboid at 1:15 PM on July 28, 2006


OP: I recently noticed that right after I boot up (XP), the Local Area Connection status indicated that I have sent 1,500 bytes and received 5,000 bytes.

benzo8: Also remember, these numbers are bytes - that's that you've sent just 1.5Kb of information somewhere and received 5Kb back on start-up.

cklennon: benzo8: Au contraire

cklenno, did you miss the (now embolded) "on start-up", showing I was referring to the part of the OP's question where he was talking about his initial on-boot figures? Did it really need google calculator to tell me that the later figure of 14,000,000 bytes is close to 14MB? Because over 2 hours, that's 1,944 bytes a second transferred - just under 2Kb - no more than I'd expect from standard network information under certain circumstances...

The part from the OP which throws doubt on this is that he says he's not noticed this information before, which is why I asked if he's got another machine on the network - maybe added recently...
posted by benzo8 at 5:23 PM on July 28, 2006

