d1sc0rd
join:2004-10-20
Seattle, WA

d1sc0rd

Member

[DSL] mystery traffic causes network halt

Hello,

One of our roommates has an XP box with a wireless Netgear adapter. Whenever we allow him to connect to the network from our router's status page we see him constantly hitting Google, Yahoo, Microsoft and Intel's websites. It is about every second. Our network slows down to almost a halt. If we take him off the network then it works fine.

I installed Ethereal on his box to watch the traffic leaving it but was unable to capture any packets at all even when using a web browser on his machine myself. We then ran his virus software and then afterward tried housecall.trendmicro.com. Neither detected any viruses and the problem still occurred.

Next I reinstalled XP on his machine but once it was up again we see the same traffic coming from him and the net is unbearably slow. Has anyone experienced anything similar or have any advice on how to troubleshoot this or get our network working?


Lanik
Lab-nik

join:2001-06-25
San Francisco, CA

Lanik

Take a look at the steps outlined in this FAQ: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Download and install the software it suggests and run the scans mentioned. Post the logs, then we'll see where we stand.

My guess is trojan virus or something else calling home.
d1sc0rd
join:2004-10-20
Seattle, WA

d1sc0rd

Member

OK, after I get my roomie to follow the mentioned steps I'll make another post. Sounds like it might take a few days, especially with his old computer and all the storage he has.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to d1sc0rd

Premium Member

to d1sc0rd
Sounds more like hardware, driver, connection manager, browser add-ons or application update setups to me, not a virus or hacked system (unless it's rooted). Doing the cleaning steps won't hurt though.

I'd guess Ethereal wasn't able to capture wireless traffic because he's using a utility like IBM's ThinkVantage connection manager that doesn't play well with Ethereal. You could also use Wireshark - that's the current Ethereal replacement. Packetyzer is also a handy Wireshark enhancement.

You can also use NETSTAT -b -n to see which apps are connecting to where and shut them down one at a time to see if any are culprits.

A once per second browser connection seems unlikely to slow a network significantly. Check his TCP settings and look for duplicate MACs or IP addresses. You could even temporarily swap out the wireless adapter in case it's defective and looping hot bits to the network.

Lastly, he might have installed a bad driver for the card. IBM's ThinkVantage update indicated an upgrade from Intel for my wireless card. Microsoft whined about an uncertified driver, but I ignored that, resulting in big problems with the wireless slowing and dropping. Thank heavens for System Restore.

How does his PC fare on a wired connection?
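
Added example, not part of EGeezer's post: a Python sketch that tallies, per executable, the remote addresses found in saved `netstat -b -n` output, so a process that keeps reconnecting to the same sites stands out. The sample output, its process names and addresses are constructed, and the column layout (with an optional PID column) is an assumption about the output format.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b -n` output; names and addresses are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.12:1201      198.51.100.10:80       ESTABLISHED     1480
  [updater.exe]
  TCP    192.168.0.12:1202      198.51.100.10:80       CLOSE_WAIT      1480
  [updater.exe]
  TCP    192.168.0.12:1203      203.0.113.7:80         SYN_SENT        1480
  [updater.exe]
  TCP    192.168.0.12:1150      192.0.2.25:443         ESTABLISHED     2312
  [firefox.exe]
  UDP    0.0.0.0:1900           *:*                                    1096
  [svchost.exe]
  TCP    192.168.0.12:1210      192.0.2.80:80          ESTABLISHED     3004
"""
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return (exe, proto, remote_ip, remote_port, state) for each connection line."""
    rows, last = [], None
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if last:  # the previous connection never got an owner line
                rows.append(("unknown",) + last)
            proto, _local, remote, state, _pid = conn.groups()
            ip, _, port = remote.rpartition(":")
            last = (proto, ip, port, state or "")
        elif owner and last:
            rows.append((owner.group(1),) + last)
            last = None
    if last:
        rows.append(("unknown",) + last)
    return rows

def remotes_by_exe(rows):
    """Map exe -> {remote_ip: count}, skipping listeners and wildcard UDP."""
    out = defaultdict(lambda: defaultdict(int))
    for exe, _proto, ip, _port, _state in rows:
        if ip not in ("*", "0.0.0.0", "[::]"):
            out[exe][ip] += 1
    return {exe: dict(ips) for exe, ips in out.items()}

if __name__ == "__main__":
    for exe, ips in remotes_by_exe(parse_netstat_b(SAMPLE)).items():
        print(f"{exe:15} {sum(ips.values()):3} connections -> {ips}")
```

Connections reported as `unknown` are ones where no owner line followed; rerunning the capture with administrator rights is the usual way to get the owner filled in.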
rdhw
join:2002-09-21
Cambridge UK

1 recommendation

rdhw to d1sc0rd

Member

to d1sc0rd
said by d1sc0rd:

I installed Ethereal on his box to watch the traffic leaving it but was unable to capture any packets at all even when using a web browser on his machine myself.
Ethereal (or Wireshark) will not work with many wireless adapters when set to "promiscuous" mode, because the adapter drivers will not allow it. So configure Ethereal/Wireshark to non-promiscuous mode, and it will log all packets in and out of the PC.