Network activity, trying to find the source, but can't find anything

Discussion in 'Windows Desktop Systems' started by Glaanieboy, Jan 26, 2005.

  1. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    I have a router, which in turn is connected to my computer. For months now, the light on my router, indicating the WAN activity, is blinking it's a$$ off. It's like someone is accessing the router, not once, not twice, but a gazillion times per second. Today I thought, enough is enough, I downloaded TCPview and connected the WAN line directly to my computer, bypassing the router. I immediately noticed the light on my NIC blinking, so I started TCPview. Except for MSN Messenger connecting to the MS Passport servers, nothing happened in TCP view. Also my 'software light' (the two computers indicating network activity in Windows) didn't light up. But my NIC lights were blinking^2000/sec. What can it be? Could it be DHCP broadcasts? My provider uses DHCP for connections (meaning I can directly put in any computer on the modem, without configuring), could it be it sending too much broadcasts around (or something similar)?
     
  2. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    fimchick likes this.
  3. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    I've got McAfee firewall and it doesn't pick up anything weird ;)
     
  4. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    It can really be anything or nothing at all. You may have a jabbering NIC card, which would mean it's going bad, and as a result you may or may not notice a difference in your connection quality. I would do what Mastershakes recommended and see what ZoneAlarm picks up. Most likely it's nothing at all.
     
  5. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    It happens in both my router (the WAN light) and when I directly connected the WAN line to the NIC of my machine.
     
  6. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    Somebody is attempting to ping you. Whether it is a check by your isp to see if you are connected (unlikely that should not be constantly flashing) or hacker activity keep a firewall up. It sounds like the NAT in your router was blocking it at the WAN level. That is why you see nothing with your firewall software. If you take down the router and have a software firewall up too it should record the attempts. Other possibilities are:
    P2P software,
    Spyware (you've been around long enough to have checked for this),
    MSN Messenger,
    Some application you have fogotten about (check task manager and make sure all are accounted for)
    But I would expect these to show LAN activity lights too.

    Check to see if your ping is externally visibly. If it is the flashing is people probing you.

    If you have cable as opposed to DSL it could be another computer on your cable trunk that is infected by a virus spewing. Many cable providers in the USA have this problem.


    I'm comfused that your firewall isn't detecting and reporting the intrusion when you are directly connected to the WAN. If you have a WAN light on your Modem is it blinking also? Check if you have intrusion reporting turned off in the firewall. Zonealarm allows you to do that. And try zonealarm too (with the router DMZ or removed). Maybe it will record something.

    It could be NETBIOS requests and you have NETBIOS disabled? No, that would show on the LAN too.

    My, last guess - Is someone trying to hack your Router Setup Password?
     
  7. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Im curiuos. Cable internet, is sometimes a shared connection meaning your neigbours are all going trhough the same line (shared bandwidth). Would the router just be seeing this activity?

    My uncle has cable and his router does what ur describing, I just assume it was the cable and the shared bandwidth.

    If I'm wrong I hope someone will set me right.
     
  8. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    router would only see that if it was set to promiscuous as the switch at the cable hub would know that you were not he destination of the traffic
     
  9. zeke_mo

    zeke_mo (value not set) Staff Member Political User Folding Team

    Messages:
    1,984
    Location:
    Placerville, CA
    try starting you computer in DOS(assuming you use windows) and see if its still going, if it isnt then it might be driver/OS related
     
  10. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    OK, it can't be an app in Windows, since it's only my WAN light that is blinking, not the lights that represent my connection to the router. And yes, the WAN lights on my modem are also blinking. I have the DMZ directed to my PlayStation2. I contacted my ISP yesterday evening, and he ping'ed me, he noticed that my ping was rather high, about 200+ while normally it should me <20.
     
  11. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    My WAN light blinks all the time too, it's perfectly allright. It'sjust traffic spinning around the local part of the network outside myrouter (i.e. neighbours) and isn't destined for my ip, so the routerdoesn't even pick it up. But it shows as activity on the WAN led. It'sperfectly normal.

    (Some people don't have this, it's dependant on how the local network is built up outside your home.)
     
  12. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    My ISP used to have an autthentication system over using PPPoE, but since early last year they use DHCP, with no authentication, except for the MAC address of the modem. Could the use of DHCP explain what's going on?
     
  13. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    Hmm. Maybe. I don't really know how PPPoE works deep down, but I don'tthink there should be a difference at that level. But there could be.

    Hopefully the traffic you're seeing isn't very much traffic. Even justa few kps in a steady stream will make the led blink like crazy.
     
  14. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Hmm, nothing to worry then. Thanks :)
     
  15. Kush

    Kush High On Life!

    Messages:
    4,590
    Location:
    Montreal, Quebec
    hehe, its me, im leeching from u lol dont tell anyone
     
  16. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    What are you leeching? :unsure: I backupped all my porn to cd's, so they're not on the HD anymore. Same goes for my game collection? Oh, I see, you want my personal photos and job application documents! Feel free to leech all you want :p
     
  17. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    That's what I was trying to say.