Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Upload traces
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Upload traces
Upload traces
29-09-2015 3:11 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Last Friday (25/9) afternoon I noticed in Netmeter, and then my modem log, that my system had done and was still doing a large amount of unexpected and unexplained uploading. I did what I could then - removed the machine-modem cable, ran MS Malware remover and also an AVG full scan - both negative - and checked after recabling that it had ceased. I also got a later message from Google search on my Linux machine, that my then IP address had been blocked by them because of untoward traffic.
What I'm wondering now is, is there any way of divining from PN logs what kind of interference was at work, and what the motivation might have been? I haven't totally ruled out an innocent piece of software going termporarily delirious, but ... I'm afraid I can't atm find a note of my IP address for that day, but it was maintained for several hours, including well after the event. I first noticed the uploads at 14:55.
Back to Zone Alarm perhaps now. It at least has a bidirectional firewall. I can't remember now the reason I switched from it. Probbaly a bad interaction with some other software.
What I'm wondering now is, is there any way of divining from PN logs what kind of interference was at work, and what the motivation might have been? I haven't totally ruled out an innocent piece of software going termporarily delirious, but ... I'm afraid I can't atm find a note of my IP address for that day, but it was maintained for several hours, including well after the event. I first noticed the uploads at 14:55.
Back to Zone Alarm perhaps now. It at least has a bidirectional firewall. I can't remember now the reason I switched from it. Probbaly a bad interaction with some other software.
Message 1 of 5
(887 Views)
4 REPLIES 4
Re: Upload traces
29-09-2015 5:09 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Running Wireshark (from https://www.wireshark.org/) whilst the uploads are in progress will show you what is being transferred and the destination address. Note this can accumulate a lot of data very quickly - running for a few seconds is normally all that is needed.
David
Message 2 of 5
(573 Views)
Re: Upload traces
29-09-2015 6:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Change password on router?
Message 3 of 5
(573 Views)
Re: Upload traces
30-09-2015 8:39 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I guess that comment was may be seeking to suggest changing the wifi pass phrase to eliminate the possibility of a wifi hi-jack?
In that frame of mind, do you have Ethernet over power plugs using their default security keys? That can also be a source of having your internet connection hi-jacked.
In that frame of mind, do you have Ethernet over power plugs using their default security keys? That can also be a source of having your internet connection hi-jacked.
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Message 4 of 5
(574 Views)
Re: Upload traces
08-10-2015 9:53 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Wireshark's been sitting waiting for a try out for some time. I've also refamilarised myself with ProcMon and TCPView, both from the Sysinternals stable, and configuring for that kind of monitoring. I only had the presence of mind to take screenshots of a quick Netstat and a Task Manager process list, but neither of them showed up anything obvious. I wish now I'd at least progressively killed off processes one by one. Perhaps oddly, there's been no recurrence.
I don't use default passwords, and tediously have to login to my modem each day to monitor usage. The power plug hypothesis was beguiling, given that I'm in a multi-flat house, but a non-starter: the Devolo units I use are each individually connected using a randomly generated encrypted key. Besides, the outflow showed up in Netmeter running on my Windows PC, which implies that that machine was the origin.
I don't use default passwords, and tediously have to login to my modem each day to monitor usage. The power plug hypothesis was beguiling, given that I'm in a multi-flat house, but a non-starter: the Devolo units I use are each individually connected using a randomly generated encrypted key. Besides, the outflow showed up in Netmeter running on my Windows PC, which implies that that machine was the origin.
Message 5 of 5
(574 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page