Where did all this data traffic come from?
April 6, 2007 3:02 AM Subscribe
What could explain a big rise in data traffic through my internet connection? I'm worried it might be malicious and wonder if there's a way of checking.
I run a little program called NetMeter and I noticed a very big spike in usage yesterday. On average, per day I upload 2-15MB and download 50-150MB. Yesterday I uploaded 2.5GB and downloaded 2.6GB.
Every now and then I'll download a game or an app which is quite big (60MB) but I certainly didn't upload that much.
I have run Adaware and Spybot this morning and they both found a handful of tracking cookies. I also run AVG and Windows Firewall.
Questions:
Does NetMeter only monitor data from the PC on which it is installed? Would it track data from my laptop and XBOX 360 also?
I did play Gears of War online for an hour and a half. If the answer to the above question is no and NetMeter does monitor all traffic then could this be a factor?
I run a little program called NetMeter and I noticed a very big spike in usage yesterday. On average, per day I upload 2-15MB and download 50-150MB. Yesterday I uploaded 2.5GB and downloaded 2.6GB.
Every now and then I'll download a game or an app which is quite big (60MB) but I certainly didn't upload that much.
I have run Adaware and Spybot this morning and they both found a handful of tracking cookies. I also run AVG and Windows Firewall.
Questions:
Does NetMeter only monitor data from the PC on which it is installed? Would it track data from my laptop and XBOX 360 also?
I did play Gears of War online for an hour and a half. If the answer to the above question is no and NetMeter does monitor all traffic then could this be a factor?
Response by poster: Definitely no P2P software. I have now installed ZoneAlarm and I'm waiting to see what programs try to access the internet.
posted by Glum at 3:37 AM on April 6, 2007
posted by Glum at 3:37 AM on April 6, 2007
Best answer: Two and a half gig upstream is a huge number for one day. Huge. No way is any normal usage going to generate that much upstream bandwidth.
First, verify that this is actually happening. You should be able to see all that net activity as constant blinking on your DSL, cable modem, and/or router. If not, then the bandwidth app is probably giving you a bogus number.
Second, if this is really happening, given what you've told us, this is bad. I can't imagine how it could be anything other than someone using your machine to handle file sharing or worse. If file sharing, is there a possibility that someone else at your home/wherever is physically accessing your computer?
If you still don't know what this is, and it's still happening, you're going to want to disconnect your computer from the net. However, before you do that you might want to take the chance and leave it connected and use a utility from Sysinternals that will tell you the names of all the programs that are using the network.
Unfortunately, there's probably going to be stuff there that you don't recognize that are kosher. If the offending app doesn't stand out, you might let us look at the list and see if anyone here recognizes anything. You might also try using a few of the process tools from Sysinternals, like their Process Explorer, Process Monitor, and File Monitor.
posted by Ethereal Bligh at 3:38 AM on April 6, 2007
First, verify that this is actually happening. You should be able to see all that net activity as constant blinking on your DSL, cable modem, and/or router. If not, then the bandwidth app is probably giving you a bogus number.
Second, if this is really happening, given what you've told us, this is bad. I can't imagine how it could be anything other than someone using your machine to handle file sharing or worse. If file sharing, is there a possibility that someone else at your home/wherever is physically accessing your computer?
If you still don't know what this is, and it's still happening, you're going to want to disconnect your computer from the net. However, before you do that you might want to take the chance and leave it connected and use a utility from Sysinternals that will tell you the names of all the programs that are using the network.
Unfortunately, there's probably going to be stuff there that you don't recognize that are kosher. If the offending app doesn't stand out, you might let us look at the list and see if anyone here recognizes anything. You might also try using a few of the process tools from Sysinternals, like their Process Explorer, Process Monitor, and File Monitor.
posted by Ethereal Bligh at 3:38 AM on April 6, 2007
Best answer: You can try running a packet sniffer (Ethereal is pretty user-friendly) if you notice another spike and see what's going on. Along with the process tools suggested above, you should be able to verify what exactly is happening on the network.
Also, find out your upload speed (wired and wireless) run the math to see if you could have uploaded that much in the length of time that NetMeter says you did (if it does. If not, try switching to a more sophisticated bandwidth monitor). It may be a glitch or hiccup of some sort.
posted by griphus at 4:07 AM on April 6, 2007
Also, find out your upload speed (wired and wireless) run the math to see if you could have uploaded that much in the length of time that NetMeter says you did (if it does. If not, try switching to a more sophisticated bandwidth monitor). It may be a glitch or hiccup of some sort.
posted by griphus at 4:07 AM on April 6, 2007
Do you use skype? Now and then it can decide that your computer has good enough bandwith to be a server and start connecting calls through it. This can eat up massive amounts I think.
posted by ilike at 5:15 AM on April 6, 2007
posted by ilike at 5:15 AM on April 6, 2007
Did you transfer any files from that computer to the laptop? I'm not familiar with NetMeter, but it's possible it picked that up.
posted by chndrcks at 9:04 AM on April 6, 2007
posted by chndrcks at 9:04 AM on April 6, 2007
What could explain a big rise in data traffic through my internet connection?
I just download and ran NetMeter, and now I'm inclined to agree with chndrcks: This isn't neccesarily measuring internet data transfer, but rather network data transfer. Do you stream media between the PC and Xbox? Do you have another computer that you transfer files or other data between?
Because 2.5 GB is a lot. Wow.
posted by niles at 10:01 AM on April 6, 2007
I just download and ran NetMeter, and now I'm inclined to agree with chndrcks: This isn't neccesarily measuring internet data transfer, but rather network data transfer. Do you stream media between the PC and Xbox? Do you have another computer that you transfer files or other data between?
Because 2.5 GB is a lot. Wow.
posted by niles at 10:01 AM on April 6, 2007
Yes to all of the advice here re scanning and sysinternals, but if adaware and spybot aren't picking anything up it's at least possible that you've been thoroughly rootkitted, in which case nothing short of a reformat is going to be effective and your computer is quite capable of lying through its teeth about what's installed/running.
posted by Skorgu at 10:16 AM on April 6, 2007
posted by Skorgu at 10:16 AM on April 6, 2007
Is your game system connected to a router or does all net traffic go through your pc? That would affect whether the traffic from the Gears of War play made any difference.
posted by slavlin at 1:18 PM on April 6, 2007
posted by slavlin at 1:18 PM on April 6, 2007
Response by poster: Thanks for the help everyone. I think, however, I have been rash and foolish. I have a Buffalo LinkStation attached to my router and I think NetMeter is tracking all data transfers to that as well as out to the Internet.
Ripping 3 CDs to MP3 at 320Kbps adds up to about 2.5GB of upload! Ack!
Sorry.
posted by Glum at 1:22 AM on April 8, 2007
Ripping 3 CDs to MP3 at 320Kbps adds up to about 2.5GB of upload! Ack!
Sorry.
posted by Glum at 1:22 AM on April 8, 2007
This thread is closed to new comments.
Do you know if you're running any kind of P2P software, like Shareaza or something?
posted by chrismear at 3:19 AM on April 6, 2007