Constantly Downloading from DSL



#1
kcmgroup

kcmgroup

    New Member

  • Member
  • Pip
  • 4 posts
First off let me say Hello everyone on the site!
I have done a search and cannot find information on a problem I am having with my server, so here it goes:
I hired a tech to set up my server and I now am having second thoughts on their abilities, hence I am here trying to figure out the problem myself.

I have a Dell server with 2003 Server Operating System. Well, about a week ago the server constantly is downloading and sending information, that is eating all my bandwidth (my desktops will not operate or take extended amounts of time to download). I have tried to go into the Windows Security and find out what the problem is and this is the message I get: "Windows Firewall cannot run because another program is running that might use the network address translation component (Ipnat.sys)"
I asked around and someone told me that it may be a rogue virus. The problem is I am new to servers and would like to see if anyone can pinpoint what my problem is. I am worried that all my data is being compromised. I specifically told the tech to set it up so that no one is able to hack or get into this server because it is used for mostly remote access from around the world. I was repeatedly told by the techs that there is no way I would get viruses or hacked, as they reassured me that it was set up so this type of incident would not happen, but it did, my greatest fear!

Any help or direction would be appreciated. I think it's time for me to learn more about my server than trusting a reputable company, thanks again.

kcmgroup
  • 0



#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
How do you know it is constantly sending and downloading?

What indicates this to you? And since this is a remote access server, should it not be sending and receiving data?

Also, since you are using the server as a remote access server, that message is normal--the built-in Windows firewall is stupid. It will block everything coming in, which you do not want. It is disabled by design for RAS.

Do you have a hardware firewall in addition to this, which is set up to allow remote access, or are you completely without a firewall? Other than the heavy traffic, it sounds like they probably set it up correctly.
  • 0

#3
kcmgroup

kcmgroup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
gerryf, thanks for the quick response.

The bridged router is constantly flashing and downloading from the www. On the server connection tab under General, while the desktops were shut off last night, the Activity section says Packets Sent 902,597, and packets received 965,507. I made sure after rebooting the server last night that all automatic downloads were turned off, hence the light on my router was flashing still this morning. Also all the desktops take about 2 minutes to load a page. I checked the download speed under normal operating conditions and it was at 3 mps and upload was 390 kbps; when the server is running I only get 226 kbps and 88 kbps respectively.

I am only running the supplied firewall IN WINDOWS 2003 SERVER; I was told that I needed no other hardware or software to run the server.

As far as heavy traffic: there is only one person on the system remotely at a time. It's not like we are constantly on the server; there are only two desktops hooked as a network in the office, and I and the office manager probably use it a couple of days a week, so there is no traffic. The traffic is coming from the www into my server.

kcmgroup
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
There is a basic firewall in RRAS--this is separate from the Windows built-in firewall, which blocks all incoming traffic. You would not want that on with RRAS.

A more elaborate setup would include a hardware or software firewall with exceptions programmed in to allow RAS traffic. I cannot say if you need a more elaborate setup or not...did your consultant talk to you about this?

You are going to have some traffic even when you are not using the network just for network traffic, but that does seem excessive. Is this a domain? Maybe this is Active Directory replication going on?

Was this a turnkey setup, or is this server managed by your consultant?

Have you talked to him/her about this? Probably the next step is to install some packet-sniffing software and see what kind of information is traveling back and forth across the interface.
  • 0

#5
kcmgroup

kcmgroup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
No, the domain (my website was left at dreamxxxx) I did not want the traffic on my server as the only real thing we use it for is Quickxxxxx.

The guys working on the server are a network server company; they set up the whole server and networks. The problem is I don't know a whole lot about servers, but neither do they! It's been one problem after another, and thousands of dollars later, nothing. I have lost the faith.

kcmgroup
  • 0

#6
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
You didn't exactly answer my question--turnkey or managed (meaning they log in remotely and watch the server)?

It would be difficult for us to troubleshoot this over a bulletin board--packet sniffing an interface is a ton of data and it's as much art as science.

Could be as simple as a malfunctioning NIC.

Perhaps a look at running processes may help.

http://www.sysintern...ssExplorer.html

Download, run, and take a screen shot...post/attach the result.
  • 0

#7
kcmgroup

kcmgroup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I did not know the answer in tech terms, but we VPN into the server to update our QuickBooks and files. I give access. Sorry, the best I can do!

Here is the screen shot, hope this helps. I noticed my CPU is maxed.




Process PID CPU Description Company Name
System Idle Process 0 98.46
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 636 Windows NT Session Manager Microsoft Corporation
csrss.exe 724 0.77 Client Server Runtime Process Microsoft Corporation
winlogon.exe 756 Windows NT Logon Application Microsoft Corporation
services.exe 800 0.77 Services and Controller app Microsoft Corporation
svchost.exe 1052 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 3536 WMI Microsoft Corporation
wmiprvse.exe 3616 WMI Microsoft Corporation
svchost.exe 1228 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1284 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1336 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1368 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 592 Spooler SubSystem App Microsoft Corporation
msdtc.exe 632 MS DTCconsole program Microsoft Corporation
cisvc.exe 1168 Content Index service Microsoft Corporation
cidaemon.exe 3864 Indexing Service filter daemon Microsoft Corporation
cidaemon.exe 460 Indexing Service filter daemon Microsoft Corporation
dfssvc.exe 1212 Windows NT Distributed File System Service Microsoft Corporation
dns.exe 1320 Domain Name System (DNS) Server Microsoft Corporation
svchost.exe 1516 Generic Host Process for Win32 Services Microsoft Corporation
inetinfo.exe 1568 Internet Information Services Microsoft Corporation
llssrv.exe 1604 Microsoft® License Server Microsoft Corporation
sqlservr.exe 1668 SQL Server Windows NT Microsoft Corporation
sqlservr.exe 1696 SQL Server Windows NT Microsoft Corporation
ntfrs.exe 1716 File Replication Service Microsoft Corporation
svchost.exe 2032 Generic Host Process for Win32 Services Microsoft Corporation
sbscrexe.exe 168 SBS Licensing Service Microsoft Corporation
snmp.exe 212 SNMP Service Microsoft Corporation
OWSTIMER.EXE 320 SharePoint Timer Service Microsoft Corporation
svchost.exe 380 Generic Host Process for Win32 Services Microsoft Corporation
tssdis.exe 252 Terminal Server Load Balancing Directory Integrity Service Microsoft Corporation
wins.exe 560 WINS SERVER Microsoft Corporation
tcpsvcs.exe 576 TCP/IP Services Application Microsoft Corporation
exmgmt.exe 1180 Microsoft Exchange WMI Provider Microsoft Corporation
mad.exe 2452 Microsoft Exchange Server - System Attendant Microsoft Corporation
mssearch.exe 2536 Microsoft PKM Search Service Microsoft Corporation
svchost.exe 2640 Generic Host Process for Win32 Services Microsoft Corporation
w3wp.exe 5056 IIS Worker Process Microsoft Corporation
store.exe 3252 Microsoft MDB Store Microsoft Corporation
emsmta.exe 3328 Microsoft Exchange MTA Microsoft Corporation
imbservice.exe 2816 IMBSERVICE Module Microsoft Corporation
svchost.exe 2876 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 812 LSA Shell Microsoft Corporation
csrss.exe 6092 Client Server Runtime Process Microsoft Corporation
winlogon.exe 5624 Windows NT Logon Application Microsoft Corporation
rdpclip.exe 884 RDP Clip Monitor Microsoft Corporation
axlbridge.exe 2196 AXLBridge Module Intuit Inc.
csrss.exe 3740 Client Server Runtime Process Microsoft Corporation
winlogon.exe 4604 Windows NT Logon Application Microsoft Corporation
rdpclip.exe 2296 RDP Clip Monitor Microsoft Corporation
explorer.exe 4672 Windows Explorer Microsoft Corporation
sqlmangr.exe 5540 SQL Server Service Manager Microsoft Corporation
iexplore.exe 4560 Internet Explorer Microsoft Corporation
procexp.exe 5912 Sysinternals Process Explorer Sysinternals
explorer.exe 4564 Windows Explorer Microsoft Corporation
sqlmangr.exe 4936 SQL Server Service Manager Microsoft Corporation
mmc.exe 6004 Microsoft Management Console Microsoft Corporation
QBW32.EXE 5832 QuickBooks Intuit Inc.
QBDBMgr.exe 5820 QuickBooks Database Manager Intuit, Inc.
explorer.exe 5212 Windows Explorer Microsoft Corporation
sqlmangr.exe 4380 SQL Server Service Manager Microsoft Corporation
iexplore.exe 2280 Internet Explorer Microsoft Corporation
taskmgr.exe 5076 Windows TaskManager Microsoft Corporation
mmc.exe 5044 Microsoft Management Console Microsoft Corporation
  • 0

#8
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
That does not show the CPU usage--I am trying to see what is working so hard, if possible.

That said, nothing seems awry. Those are all expected processes given your situation.

Does the load continue if Exchange is shut down?
  • 0
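
A lighter first step than a full packet capture for the question raised in this thread (which process owns the traffic) is to tally `netstat -ano` output per owning PID. This is an added example, not part of any post above: the netstat sample is constructed, and the PID-to-name map uses four entries from the listing in post #7.

```python
from collections import Counter, defaultdict

# PID -> image name, copied from the Process Explorer listing in post #7.
PROCESSES = {1320: "dns.exe", 1568: "inetinfo.exe", 3252: "store.exe", 5056: "w3wp.exe"}

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1568
  TCP    192.0.2.10:25          198.51.100.7:41022     ESTABLISHED     1568
  TCP    192.0.2.10:25          198.51.100.9:52311     ESTABLISHED     1568
  TCP    192.0.2.10:25          203.0.113.44:33870     TIME_WAIT       0
  TCP    192.0.2.10:80          198.51.100.7:41500     ESTABLISHED     5056
  UDP    192.0.2.10:53          *:*                                    1320
"""

def parse_netstat(text):
    """Yield (proto, local_port, remote_host, state, pid) per connection row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            (proto, local, remote, pid), state = f, ""
        else:
            continue                              # banner, header, blank lines
        yield (proto, int(local.rsplit(":", 1)[1]),
               remote.rsplit(":", 1)[0], state, int(pid))

def busiest(text, names=PROCESSES):
    """Rank (process, local port) by established sessions; also count distinct peers."""
    sessions, peers = Counter(), defaultdict(set)
    for _proto, port, remote, state, pid in parse_netstat(text):
        if state != "ESTABLISHED":                # skip listeners and closed sockets
            continue
        key = (names.get(pid, f"pid {pid}"), port)
        sessions[key] += 1
        peers[key].add(remote)
    return [(name, port, n, len(peers[(name, port)]))
            for (name, port), n in sessions.most_common()]

if __name__ == "__main__":
    for name, port, n, hosts in busiest(SAMPLE):
        print(f"{name:14} port {port:<5} {n} sessions from {hosts} hosts")
```

Many sessions from many distinct hosts on one service port, at a time when nobody is using the server, points at the service to examine first.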





