
Upload traces

lemming
Grafter
Posts: 30
Thanks: 1
Registered: ‎16-03-2015

Upload traces

Last Friday (25/9) afternoon I noticed in Netmeter, and then my modem log, that my system had done and was still doing a large amount of unexpected and unexplained uploading. I did what I could then - removed the machine-modem cable, ran MS Malware remover and also an AVG full scan - both negative - and checked after recabling that it had ceased. I also got a later message from Google search on my Linux machine, that my then IP address had been blocked by them because of untoward traffic.
What I'm wondering now is, is there any way of divining from PN logs what kind of interference was at work, and what the motivation might have been? I haven't totally ruled out an innocent piece of software going temporarily delirious, but ... I'm afraid I can't atm find a note of my IP address for that day, but it was maintained for several hours, including well after the event. I first noticed the uploads at 14:55.
Back to Zone Alarm perhaps now. It at least has a bidirectional firewall. I can't remember now the reason I switched from it. Probably a bad interaction with some other software.
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Upload traces

Running Wireshark (from https://www.wireshark.org/) whilst the uploads are in progress will show you what is being transferred and the destination address. Note this can accumulate a lot of data very quickly - running for a few seconds is normally all that is needed.
David
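
Added example, not part of the post above: one way to read a short capture like the one suggested is to total the bytes the PC sent to each outside destination. The script assumes the capture was exported with tshark (Wireshark's command-line tool) as tab-separated fields; the function name, the addresses and the sample rows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows, in the layout produced by:
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e tcp.dstport -e frame.len
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
192.168.1.10\t203.0.113.7\t80\t1514
192.168.1.10\t203.0.113.7\t80\t1514
192.168.1.10\t198.51.100.20\t443\t583
198.51.100.20\t192.168.1.10\t51544\t1514
192.168.1.10\t203.0.113.7\t80\t1200
192.168.1.10\t192.168.1.1\t\t74
\t\t\t60
"""


def upload_totals(rows, local_ip, lan="192.168.1.0/24"):
    """Return [(dst_ip, dst_port, bytes)] sent by local_ip to hosts outside
    the LAN, largest first. local_ip and lan are assumptions about the setup."""
    lan_net = ipaddress.ip_network(lan)
    totals = defaultdict(int)
    for line in rows.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue                      # malformed row
        src, dst, port, length = fields
        if src != local_ip or not length.isdigit():
            continue                      # inbound traffic or non-IP frame
        try:
            if ipaddress.ip_address(dst) in lan_net:
                continue                  # router or other LAN hosts, not an upload
        except ValueError:
            continue                      # empty or multi-valued address field
        totals[(dst, port or "-")] += int(length)
    ranked = [(d, p, n) for (d, p), n in totals.items()]
    return sorted(ranked, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    for dst, port, sent in upload_totals(SAMPLE, "192.168.1.10"):
        print(f"{dst:<16} port {port:<5} {sent} bytes")
```

The destination at the top of the list is the one to look up first; the same address and port can then be matched against the owning process in TCPView or `netstat -ano` while the traffic is still flowing.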
cedlor
Grafter
Posts: 687
Thanks: 2
Registered: ‎02-04-2015

Re: Upload traces

Change password on router?
Townman
Superuser
Posts: 22,985
Thanks: 9,583
Fixes: 159
Registered: ‎22-08-2007

Re: Upload traces

I guess that comment was maybe seeking to suggest changing the wifi pass phrase to eliminate the possibility of a wifi hijack?
In that frame of mind, do you have Ethernet over power plugs using their default security keys? That can also be a source of having your internet connection hijacked.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

lemming
Grafter
Posts: 30
Thanks: 1
Registered: ‎16-03-2015

Re: Upload traces

Wireshark's been sitting waiting for a try out for some time. I've also refamiliarised myself with ProcMon and TCPView, both from the Sysinternals stable, and configuring for that kind of monitoring. I only had the presence of mind to take screenshots of a quick Netstat and a Task Manager process list, but neither of them showed up anything obvious. I wish now I'd at least progressively killed off processes one by one. Perhaps oddly, there's been no recurrence.
I don't use default passwords, and tediously have to log in to my modem each day to monitor usage. The power plug hypothesis was beguiling, given that I'm in a multi-flat house, but a non-starter: the Devolo units I use are each individually connected using a randomly generated encrypted key. Besides, the outflow showed up in Netmeter running on my Windows PC, which implies that that machine was the origin.