Heavy Data Usage

MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Heavy Data Usage

Thanks Harry. As you can see there are a number of connections to addresses 88.221.84.72 and 88.221.84.17 on port 80 and so whilst we can assume that these are likely HTTP (web) connections unfortunately the addresses don't give much away themselves because they belong to Akamai who are a global content delivery network and effectively act as mirrors for other (usually large) sites.
If you're feeling up to it I think a network capture using Wireshark would be helpful as we would then be able to peek inside the packets to see what the actual traffic is, in particular what sites are being requested via Akamai. Happy to walk you through doing this if you like.
Mathew
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Heavy Data Usage

It appears that Akamai have started using P2P.
Have a read here: http://stream-recorder.com/forum/akamai-netsession-interface-and-disalbe-t7217.html
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: Heavy Data Usage

As I said in my reply earlier...
Quote
Some of the DOS-based tools can tell you what is using the network. Try netstat -ano, which shows open / waiting ports. The -o also shows the PID, which you can use to find the process in question in Process Explorer.

With the PID you can find what process is using each of the network connections
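The PID lookup suggested above, as an added example that is not part of the original post: it joins `netstat -ano` output with `tasklist /fo csv /nh` output to show which process owns the connections to the two Akamai addresses. Both sample outputs, the PIDs and the image name `example-updater.exe` are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.2:49201      88.221.84.72:80        ESTABLISHED     2384
  TCP    192.168.0.2:49202      88.221.84.72:80        ESTABLISHED     2384
  TCP    192.168.0.2:49203      88.221.84.17:80        TIME_WAIT       0
  TCP    192.168.0.2:49150      192.168.0.1:445        ESTABLISHED     4
  UDP    0.0.0.0:1900           *:*                                    1180
"""

# Constructed sample of `tasklist /fo csv /nh` output; image names are made up.
TASKLIST = '''\
"System Idle Process","0","Services","0","24 K"
"System","4","Services","0","300 K"
"svchost.exe","1180","Services","0","9,120 K"
"example-updater.exe","2384","Console","1","45,000 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def connections_by_process(netstat_text, tasklist_csv, remote_hosts):
    """Count TCP connections to remote_hosts per (pid, image name)."""
    names = pid_names(tasklist_csv)
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have exactly 5 fields: proto, local, foreign, state, pid.
        if len(f) != 5 or f[0] != "TCP":
            continue
        host = f[2].rsplit(":", 1)[0]  # strip the port, keep the address
        if host in remote_hosts:
            pid = int(f[4])
            # TIME_WAIT rows report PID 0: the owning process already closed.
            counts[(pid, names.get(pid, "<unknown>"))] += 1
    return counts

if __name__ == "__main__":
    akamai = {"88.221.84.72", "88.221.84.17"}
    for (pid, name), n in connections_by_process(NETSTAT, TASKLIST, akamai).most_common():
        print(f"{n:3d} connection(s)  PID {pid:<6} {name}")
```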
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Heavy Data Usage

Ah, yes, that does make eminently more sense!
Mathew
HarryR
Newbie
Posts: 8
Registered: ‎27-04-2011

Re: Heavy Data Usage

You do not seem to be able to send Wireshark files in their native format, so I have created a PDF of the file; it has a lot of pages, hopefully it makes sense to you. I was trying to get a PDF with the expanded information, but it is proving difficult to get the file size down to under 4096Kb, but if you need it in that form, I will do a shorter scan.
I have checked for the presence of Akamai on the computer using the information obtained by following the link from oldjim, but it does not seem to be on the computer.
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Heavy Data Usage

Quote from: HarryR
You do not seem to be able to send Wireshark files in their native format

You can save the dump in a libpcap file; a standard file format that can be read by most packet analysers.
However, Peter's suggestion of finding the PIDs, and presumably identifying the named processes with Task Manager (I don't use Windows much, so not sure if there's a CLI equivalent), would likely cut to the chase.
From a quick glance at the PDF there seems to be a regular sequence of local UPnP traffic, but the native libpcap dump will give a better indication of how much of a proportion this represents.
Mathew
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Heavy Data Usage

I hope that Wireshark capture tells somebody something because I (without the benefit of Wireshark experience) cannot make out anything more than ongoing communication with Akamai.
Have you tried closing the Windows sidebar?  Many of the gadgets update themselves by communication with an internet server so a faulty gadget might conceivably run amok and start demanding huge quantities of data. 
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Heavy Data Usage

If you search the PDF file for "HTTP GET", you see this:
No.   Time       Source        Destination    Protocol   Info
26    0.089999   192.168.0.2   88.221.84.72   HTTP       GET /defs/dm/symcdefsi3264.exe HTTP/1.1
183   1.278020   192.168.0.2   88.221.84.72   HTTP       GET /defs/dm/symcdefsi3264.exe HTTP/1.1
339   2.466048   192.168.0.2   88.221.84.72   HTTP       GET /defs/dm/symcdefsi3264.exe HTTP/1.1
It repeats at regular intervals. My guess is that Norton (Symantec) has got stuck in a loop and is downloading updated definitions over and over and over again, but never manages to install them correctly.
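The manual search described above can be automated; this is an added example, not part of the original post. It parses Wireshark packet-list summary rows (the three rows quoted in the post) and reports any identical HTTP request that repeats at a near-constant interval. The `min_count` and `max_jitter` thresholds are assumptions to tune for a real capture.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# The three summary rows quoted in the post above.
SUMMARY = """\
26      0.089999      192.168.0.2      88.221.84.72      HTTP GET /defs/dm/symcdefsi3264.exe HTTP/1.1
183      1.278020      192.168.0.2      88.221.84.72      HTTP GET /defs/dm/symcdefsi3264.exe HTTP/1.1
339      2.466048      192.168.0.2      88.221.84.72      HTTP GET /defs/dm/symcdefsi3264.exe HTTP/1.1
"""

# No., Time, Source, Destination, then "HTTP <method> <uri> HTTP/x.y"
ROW = re.compile(
    r"^\s*\d+\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+HTTP\s+(GET|POST|HEAD)\s+(\S+)\s+HTTP/\d\.\d"
)

def parse_requests(text):
    """Yield (time, src, dst, method, uri) for each HTTP request row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            t, src, dst, method, uri = m.groups()
            yield float(t), src, dst, method, uri

def find_repeats(text, min_count=3, max_jitter=0.1):
    """Return requests seen >= min_count times at near-constant intervals.

    max_jitter: allowed standard deviation of the gaps between requests,
    as a fraction of the mean gap (assumed threshold).
    """
    seen = defaultdict(list)
    for t, src, dst, method, uri in parse_requests(text):
        seen[(src, dst, method, uri)].append(t)
    findings = []
    for key, times in seen.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append(
                {"request": key, "count": len(times), "mean_gap_s": round(avg, 3)}
            )
    return findings

if __name__ == "__main__":
    for finding in find_repeats(SUMMARY):
        print(finding)
```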
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Heavy Data Usage

If it's Norton, I recommend using the Norton removal tool http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US to completely uninstall it then download and install the latest version.  This is usually a remarkably painless process.  However I would have thought it is perfectly normal for security software to check for updated definitions at regular intervals.
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Heavy Data Usage

Quote from: ReedRichards
However I would have thought it is perfectly normal for security software to check for updated definitions at regular intervals.

This is every second though, at least for the 20s snapshot window that we've been given.
Mathew
HarryR
Newbie
Posts: 8
Registered: ‎27-04-2011

Re: Heavy Data Usage

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Heavy Data Usage

You could use TCPView instead from Sysinternals: http://technet.microsoft.com/en-gb/sysinternals/bb897437
HarryR
Newbie
Posts: 8
Registered: ‎27-04-2011

Re: Heavy Data Usage

I have managed to get a workaround of the problem. By creating a new user profile, there is not any heavy data traffic so far, but the heavy data traffic remains on the old profile. Does this eliminate any of the suggested problems? Should I continue to try to solve the original problem or just delete the problem profile?
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Heavy Data Usage

Peer-to-peer applications like Limewire usually run on a per-user basis, as does the Windows sidebar, but Norton does not. So I would say this could support my theory of an errant sidebar gadget but not ejs' theory of Norton malfunctioning.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Heavy Data Usage

I suggest comparing the running processes on the two profiles as shown by Task Manager - that should point to the problem.