High connection usage even when idle

[Navan]

 

I was facing this issue a month ago, it rectified itself. But tonight, it has started again. There is nothing on download, no windows updates, browsers are also off. But for some reason, I am maxing out my connection (512kbps). What the hell is using my internet connection? I checked everything, my anti-virus update... nothing was using the internet. How do I find out the problem? I formatted my pc a month ago and it is virus free. This is highly annoying, please help. :)

[+LogicalApex MVC]

Either the meter is broken or something is using your connection...

 

What does Resource Monitor show?

 

 

http://www.techrepublic.com/blog/the-enterprise-cloud/use-resource-monitor-to-monitor-network-performance/4709/

[Hum]

zombie computer

 

root kit

 

http://en.wikipedia.org/wiki/Rootkit

[Navan]

Shows overall high usage but nothing to pinpoint it. I just scanned my whole computer using AVG, no viruses found.

 

Edit: The meter is definitely not broken. I was trying to watch youtube, videos were loading very slowly, if at all.

[+BudMan MVC]

239.255 is multicast address.

What I would do is sniff and look at the traffic.. http://www.wireshark.org/ is your friend.. Take a sniff - post up some details of the trace if you have questions on what it is.

Looks to be recv'd traffic not your machine sending anything. I don't see how that would be coming from outside your router to your box, it would be local so shouldn't really be slowing down your internet at such a small amount of traffic. 400 Bytes per second is nothing.

Give me a sec, and will fire up wireshark and show you example of this sort of traffic.

edit: So here is some example traffic on my home network.. This 192.168.1.99 is my popcorn hour A-110, this it announcing it UPnP services. The .97 and .98 are my DVRs - same thing. The 169.254 address are my Dvrs as well - they give themselves APIPA address for their local link stuff so multiple devices are sure to be able to talk to each other, etc.

This is typical noise on any network. If you do a sniff and we look into the packets we can see what it is sending, just from the mac address you can look up what device it is.

so see the mac there 00:06:DC Syabas Technology (Amquest), Sybas is hardware in the popcorn hour

[Navan]

The problem has stopped for now, so I'll have to wait for it to return and use wireshark.

[+BudMan MVC]

Its not a problem - pretty much every single network is going to have multicast traffic on it.. I find it unlikely it could of of such a level that it would hinder your machines use of the internet. Guess on a really slow wireless network maybe typical multicast could take a bite out of performance.

Here is sniff from my work machine.. Look you got all other users machines here sending out SSDP discover multicast traffic

From the MAC we can see it is a

5C:26:0A Dell Inc.

Here is info about SSDP

http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

If you want to disable this on your machines running windows, we can go over that. If you have a smart switch you could turn on IGMP snooping to block it, etc. But it typical noise your going to see pretty much on any network that has user type devices on it.

[Navan]

That's a lot of technical terms and info you're throwing at me. I'm not understanding it. Could this problem be possible cuz I'm using a wi-fi router? (connected via lan to my pc) Next time it occurs, I'll connect directly to the modem and see what's wrong.

[+BudMan MVC]

Without any technical jargon - this traffic is going to be seen on ANY network - no it has nothing to do with you being on wireless or wired..  It is your devices looking for other devices.

[Navan]

Damn it. Well I'll use wireshark next time it occurs. Thanks for your help. :)

[+BudMan MVC]

Sure grab a sniff and we can look to identify what it is - I can promise you the traffic is there now as well.  If there is any other windows computers or media players, dvrs, etc.. you will have multicast traffic.  Multicast just means a special type of address that goes to every device on the network, not just 1 IP address.