Member Avatar for Chaky

I was wondering if there is a tool that can identify which service/application is using network adapter.

Thing is, I am getting allot of network traffic in "idle" mode. All I know is that it is coming from my PC and is sent somewhere on the internet.
As "idle" mode, I mean enabled LAN and no applications running, at least to my knowledge.

My PC is connected to the internet via LAN trough the aDSL modem. (Router, I think)
Firewall is on. There are no suspicious programs allowed in the firewall settings and there are no obvious trojans/spyware active. Windows update is set to notify me of (not download) new updates. There are no 3rd party update services running. Each software that I'm using is set not to check for updates. At least, I think so.

Yet, the internet traffic is still there. I can see it as the LAN tray icon keeps blinking. I have a tool that connects to my ISP to check on the internet traffic used. That is how I know that the traffic is with internet and not LAN (there is another PC hooked to the aDSL modem).

So, a tool that identifies the application that is making the traffic would help me allot.

  • 4 Contributors
  • 13 Replies
  • 112 Views
  • 3 Weeks Discussion Span
  • Latest Post Latest Post by DimaYasny

Recommended Answers

All 13 Replies

Member Avatar for jbennet

you got any P2P?

Member Avatar for Chaky

Yes I do, but the traffic occurs when none of them are active. And I keep them all from automatically starting with windows.

The closest I got to figuring out what is causing it was by shutting down processes in task manager. I got listed about 6 svchost.exe and one of them is doing it. As I understand svchost, it is a general service hosting program, part of Windows OS. I just ran TASKLIST /SVC in command prompt and I got this list of hosted services by svchost:

6to4, AudioSrv, BITS, Browser, CryptSvc, Dhcp, dmserver, EventSystem, HidServ, LanmanServer, LanmanWorkstation, Messenger, Netman, Nla, RasMan, RemoteAccess, Schedule, SENS, SharedAccess, ShellHWDetection, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, DcomLaunch, TermService, RpcSs, Dnscache, Alerter, SSDPSRV, WebClient, stisvc

I need something that will tell me which one of them is making the traffic. I hope one of you guys can point out the tool that does just that. Googleing around I mostly found tools that monitor traffic and not much else.

Member Avatar for jbennet

What OS are you running and wgar service pack and type

Member Avatar for Chaky

XP pro SP2 up to date with dotnet framework 1.1 2.0 and 3.0

Member Avatar for DimaYasny

ethereal

commented: Good tip. Thanks. +5
Member Avatar for Chaky

I've tried downloading ethereal as you suggested, but somehow ended up downloading wireshark. I think that is the same thing, only different name. Anyway I can see destination IP adresses for each packet. Thanks.

Member Avatar for DimaYasny

yeah, it's the same tool. I keep forgetting they got rebranded

Member Avatar for jbennet

nmap is pretty good

It checks for open ports. Check its legal in your country though, in some places its considered a hacker tool

Member Avatar for DimaYasny

nmap is a port scanner, it doesn't show you the actual traffic

Member Avatar for jbennet

yah but it shows whats running

Member Avatar for DimaYasny

it only shows whats LISTENING and not filtered :)

Member Avatar for roleo

You could try installing Online Armor firewall which shows programs and their connection. More than just a firewall; has HIPS and Program Guard.

Member Avatar for DimaYasny

in that case aports is good enough - free and easy

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.