Why Does Your Modem Send As Much Data As It Receives?????

reply to post by LightSpeedDriver


Here is a capture since my last post note the connection was connected 2 mins approx





The capture below is from a hard direct line from my dsl 1.5 century link notice the data amounts in vs out




Can someone give me high and low side guess on how much data 50,000 packets contain, ( megs ) thx

reply to post by CherubBaby


Can you please post the taskmanager screenshot.

Originally posted by brill
What you are seeing is not an indication of a problem. To see if there is a problem use a sniffer as was previously suggested (not resetting windows counters, but actually inserting a sniffer to watch traffic).
brill

What he is seeing is certainly indicative of a problem, the ratio of traffic here is way out of wack. I suspect it will be malcode given he's seeing this on both a 3g modem and dsl (which takes out bad cable to the dsl modem, dirty lines causing retries, etc)

Originally posted by LightSpeedDriver
reply to post by Zaphod

 

Aah...thanks for explaining. I thought USB bus speed was 480 but thats close enough. I'm having a Homer moment...Doh!

480 is Firewire, no Homer moment I had to double check it too

reply to post by Zaphod


Here are the task mgr shots and something very interesting happened as I was typing this post. I will show you
Here is the first and second pics of the task mgr I had to capture it in two shots due to the height of the mgr







Here is a message from my antivirus. firewall. I have seen this message before but thought it was just a reminder

What ? wtf is that ?

reply to post by CherubBaby

50000 packets = about 70 megabytes of "data". Thats quite a lot to upload if you aren't actually uploading.
ETA When using ethernet. I have no idea of packet size via mobile networks.

ETA2 Yes, wireshark will be confusing. YOu will only need a short capture of a say a screenful or two of packets. Maybe you can upload a screen or file of the capture. Its bedtime here for me so maybe someone else can help on that or I'll look again tomorrow.

ETA3 I think that last screen on your post directly above mine is just telling you it has "discovered" that you are on a different network connection and has modified its policy accordingly but I am not familiar with that particular firewall software.

ETA4 One last thing, you do have a virus scanner installed, active and with up to date definitions?

reply to post by CherubBaby


Some folks claim the RtkBtMnt.exe process you have is malware, if it's running from your windows directory it is probably legit, but if from your temp directory it probably is not (attacker using the name of a common realtek process to confuse you).

Since you appear to have AVast installed (shudder) I presume you have it updated. Try Norton Power Eraser, this is only for use for systems presumed to be infected. The first time you run it you can simply post here what it wants to do (if anything) and I can comment on if its safe. I've had tremendous success bringing back 'dirty' machines with this. security.symantec.com...

reply to post by Zaphod

Good catch. I noticed avast in the process list too so assumed it was just a Realtek audio or network type thing but re-googling does indeed show some people having a virus with the same name. Its almost 8am and time for bed...

Click here for more information.

reply to post by Zaphod


I have alot of new data from whois , packets etc cam we talk?

reply to post by CherubBaby


Post away, I'm keeping an eye on the thread.

reply to post by Zaphod


What do you think , this is from commview.

reply to post by CherubBaby


Nothing jumps out, Agent.exe is the install shield updater. Everything else is from ie. the highlighted line is connected to an Akamai edge node.

Did you run Norton Power Eraser?

reply to post by Zaphod


Yes I ran i and it found weaher1 was not good. It took care of it but the data is still 1 out 1 in why is that?t

reply to post by CherubBaby

1st line with the highest number of packets resolves to Paltalk which appears to be some kinda webcam chat type thing.
If your webcam is constantly running that would explain the outgoing data. Does that ring any bells?

To OP..this may have already been covered...

Every req for data returns more than the data -- it requires handshaking, packaging, protocols, data, etc in both directions. All those bits and pieces add up.

Originally posted by mishigas

To OP..this may have already been covered...

Every req for data returns more than the data -- it requires handshaking, packaging, protocols, data, etc in both directions. All those bits and pieces add up.

Not to this level, not even remotely close.

Originally posted by LightSpeedDriver
reply to post by CherubBaby

 

1st line with the highest number of packets resolves to Paltalk which appears to be some kinda webcam chat type thing.
If your webcam is constantly running that would explain the outgoing data. Does that ring any bells?

edit on 3/12/11 by LightSpeedDriver because: Clarification, link embedded

Good catch, I hadn't walked thru all the destination addresses.

reply to post by Zaphod

No worries. You caught things I didn't too. I think we work well together To be fair I just picked the largest packet receiver.

reply to post by Zaphod

Originally posted by mishigas

To OP..this may have already been covered...

Every req for data returns more than the data -- it requires handshaking, packaging, protocols, data, etc in both directions. All those bits and pieces add up.



Not to this level, not even remotely close.

The level I speak of is seen in practically eveny net communication, whereas yours is specifc to some chat app.