Salty Wagyu Posted December 8, 2012
I'm getting something odd here, it's maxing out my line speed yet I can't see any activity in either Resource Monitor or Nirsoft's NetworkTrafficView using WinPcap capturing. Normally I've always relied on these two tools to see what's using bandwidth if I spot any in the NetWorx graph, but not this time for some strange reason. It's the second big download that's happened this past week. It's downloaded 462mb so far. Something is definitely downloading as browsing has slowed down, I'm the only connected computer on my LAN at the moment. Only way to stop it is to disable/re-enable my LAN connection, and then it won't resume at that point. Any ideas on how I can trace this phantom?
545646674116 Posted December 8, 2012
Looking at the processes - this may be obvious, but deluge.exe is a bit torrent client so that may explain things.
Salty Wagyu Posted December 8, 2012
> Looking at the processes - this may be obvious, but deluge.exe is a bit torrent client so that may explain things.
Deluge was only seeding but I closed Deluge, it was still happening. If I download a torrent in it, I get data rate activity of 400kb/sec+ in those two monitor tools.
edit: With Deluge downloading: https://dl.dropbox.com/u/12843960/mysterious_bandwidth2.jpg
sc302 Veteran Posted December 8, 2012
Try turning off automatic windows updates. Use your router to find out if it can log connections and bandwidth usage.
+BudMan MVC Posted December 8, 2012
do a sniff -- this won't tell you what process, but will show you where the connection is to and what type of traffic, unless it's ssl, etc. Also are you running those tools as elevated admin? They might not be able to access the process info of what is making the connection so don't show it. What does a netstat -anb show you for your connections and it will give you the process that has the connection open. Run it in elevated prompt.
Salty Wagyu Posted December 8, 2012
Download stopped a while ago, wasn't from Windows Update.
> do a sniff -- this won't tell you what process, but will show you where the connection is to and what type of traffic, unless it's ssl, etc. Also are you running those tools as elevated admin? They might not be able to access the process info of what is making the connection so don't show it. What does a netstat -anb show you for your connections and it will give you the process that has the connection open. Run it in elevated prompt.
I will try NetworkTrafficView as elevated admin next time it happens, although Resource Monitor should have been elevated already. I've tried netstat but it's really difficult or not possible at all to see bandwidth consumption? Would you be able to tell from these two netstats which one is idle and which one is downloading a file I started (as well as the process)?
Thanks :)
+BudMan MVC Posted December 8, 2012
I wasn't saying to use netstat for consumption - just to check connections. Compare it to your other tools. If you're saying there is something connected not showing up in your tools. Then what does netstat show as being connected that is not in your tools. Do a sniff - see where is all the traffic going, then use netstat to see what process is making connections to that IP and port, etc. You have a bunch of stuff running - why don't you trim that down a bit before trying to figure out what is using bandwidth. Example dropbox does not need to be running, you got a bunch of admunch connections. daemonu.exe - that is an update service for nvidia? Teamviewer and steam, etc.... If you're wanting to figure out what is using bandwidth, start turning **** off ;) Before you start looking, or you're just going to be looking through more noise than you need to.
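The workflow suggested above (find the busy remote address in a capture, then ask netstat which process holds a connection to it) can be scripted against saved `netstat -anb` output. This is an added example, not code from the thread; both snapshots are constructed, using documentation-range addresses and the made-up process names browser.exe and syncclient.exe.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state owner service")

# A record row starts with the protocol; TCP rows carry a state, UDP rows do not.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_0-9]+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # e.g. " [svchost.exe]"


def split_endpoint(endpoint):
    """Split '192.0.2.1:80', '[::1]:8080' or '*:*' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat_anb(text):
    """Turn `netstat -anb` text into Conn records.

    Ownership is printed on the lines after each row: an optional service
    name, then "[image.exe]". Rows without it (TIME_WAIT sockets, or
    "Can not obtain ownership information") keep owner=None.
    """
    rows = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("Active Connections", "Proto")):
            continue
        row = ROW.match(line)
        if row:
            fields = dict(zip(("proto", "local", "remote", "state"), row.groups()))
            rows.append(dict(fields, owner=None, service=None))
        elif rows:
            owner = OWNER.match(line)
            if owner:
                rows[-1]["owner"] = owner.group(1)
            elif "ownership information" not in stripped:
                rows[-1]["service"] = stripped
    return [Conn(**r) for r in rows]


def owners_of(conns, remote_ip):
    """Processes holding a connection to the address seen in the capture."""
    return sorted({c.owner or "unknown" for c in conns
                   if split_endpoint(c.remote)[0] == remote_ip})


def new_since(before, after):
    """Connections in the later snapshot that the earlier one did not have."""
    seen = {(c.proto, c.local, c.remote) for c in before}
    return [c for c in after if (c.proto, c.local, c.remote) not in seen]


# Constructed sample: a snapshot taken while idle ...
IDLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.10:49200     198.51.100.7:443       ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49210     198.51.100.9:80        TIME_WAIT
  UDP    0.0.0.0:500            *:*
  IKEEXT
 [svchost.exe]
"""

# ... and one taken during the unexplained transfer (constructed).
BUSY = IDLE + """\
  TCP    192.168.1.10:49300     203.0.113.45:80        ESTABLISHED
 [syncclient.exe]
  TCP    [::1]:8080             [::1]:49479            TIME_WAIT
"""

if __name__ == "__main__":
    idle, busy = parse_netstat_anb(IDLE), parse_netstat_anb(BUSY)
    print("owner of 203.0.113.45:", owners_of(busy, "203.0.113.45"))
    for conn in new_since(idle, busy):
        print("new:", conn.proto, conn.local, "->", conn.remote, conn.state, conn.owner)
```

netstat only lists sockets and their owners; the byte counts still have to come from the capture, which is why the remote address is taken from the sniff first.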
Salty Wagyu Posted December 8, 2012
Ok, thanks :) Will Nirsoft SmartSniff do the job for sniffing?
+BudMan MVC Posted December 8, 2012
maybe, I am a fan of wireshark - FREE, more features. But for the quick thing you're looking for I would have to think that would work as well.
Salty Wagyu Posted December 8, 2012
Caught it again, but not sure what to make of it, looks like I'm being packet spammed at port 80 from 68.232.34.245.
Netstat shows 68.232.34.245 belonging to dropbox.exe but there is no activity indicator or any new files showing up in my dropbox folder or in the deleted files history on dropbox's web interface. No idea what's going on :huh:
attached netstat, executed twice a minute apart or so.
netstat.txt
Edited December 8, 2012 by Salty Wagyu
+BudMan MVC Posted December 8, 2012
So dropbox is trying to make a connection to here? I show that IP owned by
NetRange: 68.232.32.0 - 68.232.47.255
NetName: EDGECAST-NETBLK-04
OrgName: EdgeCast Networks, Inc.
You have it reversed - shows 68 address as your local, and 192.168.1.1. I would have to assume you're downloading/uploading a change to files or adding new, are you uploading new pictures or videos, you should be able to pause the transfers. Not sure why your other tools would not show that? Or dropbox itself, what version of dropbox are you using? I use the forum builds and on version 1.6.3.
What does the menu show for recently changed files?
Hum Posted December 8, 2012
Have you checked for viruses, rootkits, malware?
> Deluge was only seeding but I closed Deluge, it was still happening ...
When I exit Bit torrent, the program keeps right on running, until I disconnect from the internet.
Salty Wagyu Posted December 8, 2012
> So dropbox is trying to make a connection to here? I show that IP owned by NetRange: 68.232.32.0 - 68.232.47.255 NetName: EDGECAST-NETBLK-04 OrgName: EdgeCast Networks, Inc. You have it reversed - shows 68 address as your local, and 192.168.1.1. I would have to assume you're downloading/uploading a change to files or adding new, are you uploading new pictures or videos, you should be able to pause the transfers. Not sure why your other tools would not show that? Or dropbox itself, what version of dropbox are you using? I use the forum builds and on version 1.6.3.
Haven't added anything to Dropbox other than 2 small PDF files I uploaded yesterday, and these screenshots in this thread today. Using Dropbox 1.4.7, it's behind I guess. I usually just let it auto-update, but will install the latest version manually now. But yeah, it's suspicious why dropbox.exe doesn't show in Resource Monitor, dropbox.exe isn't even elevated.
> What does the menu show for recently changed files?
How do I find that out?
Edit: Think you were referring to dropbox recent activity? Here - Nothing unusual, other stuff is just Liberkey app updates being uploaded to Dropbox.