[ttvmupt]

Hello everyone.
For a while now I've noticed that my network [modem, static IP] has some unusual activity, being that the amount of sent packets is much larger than the ones that appear as received. And I am not referring to p2p connections; if I load a web page or download a package over a browser, the sent data always accounts for about 1.5 - 2 times over the amount of received data. I normally assumed some spyware infestation, so I ran multiple scans [Malwarebytes, Spybot, Superantispyware]. Multiple infections were discovered [mainly "backdoor trojans"] and taken care of. Now the HJTlog looks clean. But the high rate in traffic persists in the windows' network status. I tried Netlimiter to monitor the traffic rate - it looks normal, the transfer rate for say loading a web page is what it should be and it appears as the only process accessing the network; if the connection is idle, it stays that way. But in windows' network status, the traffic is continuous [it never gets "idle", it just slows down the transfer rate] and, as before, the sent packets are larger then received ones. What could account for this behavior? The network adapter is Nvidia nforce4 - could it be just a driver related problem? [can't update it, anyway, nvidia really pulled the plug on some old releases]
Thanks in advance

[Advertisements]

Hey ttvmupt -- welcome to G2G

My very first recommendation would be to ensure you have a third-party firewall installed -- the Windows firewall does not limit outbound traffic. If you do not, please download one -- here is a list of Free Antivirus and Antispyware Software as recommended by our malware staff.

Please also do the following:

• Press Start
• Select Run
• Type cmd and press OK
• In the new command prompt window, type netstat -a > C:\results.txt
• Navigate to your C: drive and open the text file results.txt -- please copy/paste the contents of this file into your next response.

Thanks,
- Dan

[Dan]

Hey ttvmupt -- welcome to G2G

My very first recommendation would be to ensure you have a third-party firewall installed -- the Windows firewall does not limit outbound traffic. If you do not, please download one -- here is a list of Free Antivirus and Antispyware Software as recommended by our malware staff.

Please also do the following:

• Press Start
• Select Run
• Type cmd and press OK
• In the new command prompt window, type netstat -a > C:\results.txt
• Navigate to your C: drive and open the text file results.txt -- please copy/paste the contents of this file into your next response.

Thanks,
- Dan

[ttvmupt]

Thanks for the reply Dan
Additional info - I used Netlimiter to view the active connections and it looks normal. No strange folk lurking around I also have been running Comodo firewall a while now. And, like I said, no spyware or virus infections detected. I suppose that, after all, it is just a driver conflict , but I just wanted to be sure.

netstat results

Active Connections

Proto Local Address Foreign Address State
TCP mirceah:3389 mirceah:0 LISTENING
TCP mirceah:1029 mirceah:0 LISTENING
TCP mirceah:1081 localhost:1082 ESTABLISHED
TCP mirceah:1082 localhost:1081 ESTABLISHED
TCP mirceah:1085 localhost:1086 ESTABLISHED
TCP mirceah:1086 localhost:1085 ESTABLISHED
TCP mirceah:netbios-ssn mirceah:0 LISTENING
TCP mirceah:2213 projects.sourceforge.net:http FIN_WAIT_1
UDP mirceah:isakmp *:*
UDP mirceah:4500 *:*
UDP mirceah:ntp *:*
UDP mirceah:1900 *:*
UDP mirceah:ntp *:*
UDP mirceah:netbios-ns *:*
UDP mirceah:netbios-dgm *:*
UDP mirceah:1900 *:*

Thanks again

[Dan]

Everything seems to check out. My main concern was whether or not you had a solid third-party firewall installed -- and you do

I suppose that, after all, it is just a driver conflict , but I just wanted to be sure.

Having a higher "Sent Packets" value isn't indicative of a faulty driver. You can have more sent than received packets for a variety of reasons, and it's actually quite common.

For example, when you connect to certain sites, you send more packets than you receive. Another cause is if the sent packet gets lost (which is sadly, quite common), and thus you will never receive a packet in response/ACK. This means that you will send an extra packet (often times more than one), thus causing your sent packets value to be greater. Finally, if you use P2P applications, you will often find yourself uploading more data than you download.

These are just a few examples -- so, I wouldn't panic if I were you It's quite normal.

- Dan