Packet spewing laptop - Techist - Tech Forum

Old 03-21-2005, 04:56 PM   #1 (permalink)
Newb Techie
 
Join Date: Mar 2005
Posts: 5
Default Packet spewing laptop

I am futzing with a Gateway laptop using XP Home SP2. As soon as you plug the thing in to a LAN connection, it seems like it spews packets like no tomorrow. The packets sent under the LAN status go from 0 to 25 million + in a few seconds and keep climbing at an exponential rate. It doesn't seem to consume much in the way of CPU resources or even network resources...although I can't browse anywhere with it. I have updated the definitions and scanned for viruses (Norton 2004), scanned with Spybot, Ad Aware, TDS-3, Trojan Hunter and tried MS's detection tool. I tried resetting the Winsock and checked some known ports for IRC-type connections. The problem is rather stubborn, can't say I've ever seen something like this before....

I have yet to try MS's Antispyware tool or Hijack This. Any other ideas before I try these tools?
racingboy532 is offline  
Old 03-22-2005, 10:11 AM   #2 (permalink)
Newb Techie
 
Join Date: Mar 2005
Posts: 5
Default

Anybody?
racingboy532 is offline  
Old 03-22-2005, 11:05 AM   #3 (permalink)
Lord Techie
 
Join Date: Jan 2005
Posts: 8,013
Default

Run a packet sniffer and see what it's sending

Ethereal is a good one
DJ-CHRIS is offline  
Old 03-23-2005, 10:18 AM   #4 (permalink)
Newb Techie
 
Join Date: Mar 2005
Posts: 5
Default

I was thinking about it...

I ran Ethereal against the machine last night, along with two other AV programs and Trojan Hunter. The latter revealed nothing, nada, zip.
I have the captures from Ethereal but I am not so sure I understand what I am seeing. I assume the capture is a sampling of what is sent...

Over the course of 45 seconds or so, the laptop spews 448 million+ packets. Ethereal reports 94% are UDP packets.

Anyone have some ideas of what I should try next?
racingboy532 is offline  
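
One way to get from "94% UDP" to "which destinations and ports", as an added example that is not part of the original thread: a standard-library Python summarizer for a capture saved from Ethereal. It assumes the classic libpcap file format on Ethernet; `summarize_pcap` and `build_sample` are hypothetical names, and the sample capture is constructed, not data from the laptop in question.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_pcap(data):
    """Tally IPv4 protocols and UDP (dst IP, dst port) pairs in a classic libpcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic libpcap capture")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    protos, udp_targets = Counter(), Counter()
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            protos["non-IPv4"] += 1            # ARP, IPv6, truncated frames
            continue
        ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
        proto = frame[23]                      # IPv4 protocol field
        protos[PROTO_NAMES.get(proto, str(proto))] += 1
        l4 = 14 + ihl                          # start of the UDP header
        if proto == 17 and len(frame) >= l4 + 4:
            dst_ip = ".".join(str(b) for b in frame[30:34])
            udp_targets[(dst_ip, struct.unpack("!H", frame[l4 + 2:l4 + 4])[0])] += 1
    return protos, udp_targets

def build_sample():
    """Constructed capture: 50 frames, 47 of them UDP (not data from the thread)."""
    def frame(proto, dst_ip, dport):
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes(map(int, dst_ip.split("."))))
        return eth + ip + struct.pack("!HHHH", 40000, dport, 8, 0)  # 8-byte L4 filler
    frames = ([frame(17, "192.0.2.10", 9999)] * 45 + [frame(17, "192.0.2.20", 53)] * 2
              + [frame(6, "192.0.2.30", 80)] * 3)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    protos, targets = summarize_pcap(build_sample())
    total = sum(protos.values())
    for name, n in protos.most_common():
        print(f"{name:8} {n:4} {100 * n / total:.0f}%")
    for (ip, port), n in targets.most_common(5):
        print(f"UDP -> {ip}:{port}  {n} packets")
```

A single dominant destination and port points at one process or service to hunt for; a flood to a broadcast address or a spread across many ports suggests a different cause and is worth comparing against a second NIC.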
Old 03-23-2005, 10:37 AM   #5 (permalink)
True Techie
 
Join Date: Feb 2005
Posts: 195
Default

Sounds like a spyware or hijacker issue.
__________________
At $0.02, your analysis is overpriced for its worth.
The_Urge is offline  
Old 03-23-2005, 11:00 AM   #6 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

This is on your home machine on a broadband connection, right?
Might I suggest that you use procXp from http://www.sysinternals.com/ntw2k/fr.../procexp.shtml .
That will enable you to find the process using the network. It's pretty easy.

Good luck
Inaris is offline  
Old 03-23-2005, 04:18 PM   #7 (permalink)
Newb Techie
 
Join Date: Mar 2005
Posts: 5
Default

The_Urge,
Please re-read the post...

Inaris,
The problem is on a co-worker's personal laptop. It is located on a cable connection. I am at a loss regarding how the machine was compromised as it's using two firewalls, AV, SpywareBlaster, Spybot and AdAware and the owner claims innocence (of course)...I did not see any errant processes or services, at least using Blackviper's XP service guide.

I will check into the sysinternals tool tonight. Thanks for the help and response.
racingboy532 is offline  
Old 03-23-2005, 04:41 PM   #8 (permalink)
Systems Engineer
 
Join Date: Dec 2004
Location: United States
Posts: 1,675
Default

I know you said you did these scans, but it sounds like spyware problems. Make sure Spybot is updated to version 1.3. The old version (1.2) is no longer supported/updated. Also, SpywareBlaster has a new version as well... be sure to update that too. SpywareBlaster does not automatically update itself unless you buy it... you have to manually update and install the new defs.

Also, try installing MS antispyware. It works very well as it also scans memory processes.
__________________
I have a computer with stuff in it.
Crysalis is offline  
Old 03-23-2005, 05:47 PM   #9 (permalink)
Newb Techie
 
Join Date: Mar 2005
Posts: 5
Default

Crysalis,

I am using Spybot 1.3 and SpywareBlaster v3.3. All the tools I have used were updated in the last week...I know this sounds like a spyware problem or some kind of Trojan and it has been quite frustrating...I have yet to try MS antispyware.

I am beginning to suspect there is some kind of OS or strange NIC problem.
racingboy532 is offline  
Old 03-23-2005, 08:15 PM   #10 (permalink)
True Techie
 
Join Date: Jan 2005
Posts: 158
Default

The NIC may be buggered, in doing so broadcasting packets onto the network. One thing you may try, if you haven't already, is to disable the 1st NIC and use a PCMCIA NIC and see if you are having the same issue; if not, then the NIC is faulty. As suggested, run virus scans and spyware scans.
__________________
I'm not your Google Butler!
dexta182 is offline  