# Suspicious Internet Activity



## Aokin (Jul 18, 2008)

Ive noticed of late that when I am not actively logging onto websites or even have any web browers open that my internet registers a lot of activity. No other programs (so far as I can tell) such as file-sharing programs are active. 

How can I determine what activity is taking place and trace to either programs on my computer (maybe something is trying to update) or partially discern where the activity is being initiated from ?

Thank you very much for your time and assistance.


----------



## Jack.Sparrow (Jan 22, 2007)

Hi Aokin, welcome to TSF. 

Do you have a unencrypted or encrypted wireless network? Is yours the only computer connected to the internet connection? Does the activity persist if you turn off your computer?


----------



## af3 (Jun 18, 2008)

It could just be internet background radiation.


----------



## johnwill (Sep 26, 2002)

FWIW, many ISP's show continuous activity when you are doing nothing. When I had Comcast, it had continuous activity indicated by the modem. When I monitored the traffic, it was ARP packets for a whole range of IP addresses, including some not in my subnet. I asked Comcast about it, and they said that's how their gateway worked. An interesting point, when I first got Comcast, that didn't happen, but after a large network upgrade, I saw this behavior.

My current ISP is Verizon FiOS, and I only see activity on the link when it's mine.


----------



## af3 (Jun 18, 2008)

This happened to me too. At first, only my activity flashed the light. Now, it goes nuts by itself.

I think they are doing periodic scans for unauthorized services.
Also, my router likes to let other people use it.


----------



## Aokin (Jul 18, 2008)

Firstly I should specify that the computer in question uses dial-up and it is the only computer using this connection at any given time.

Is there any way a computer novice as myself could observe what the internet activity represents ? It really does fluctuate from no indicated activity to constant transmision for extended periods.

I know that now and then Windows Media and Adobe ask to update, perhaps they are checking their servers ? Ive tried to turn Windows Media off, but it keeps activating, likewise with Avast which I cannot even close down in task manager.


----------



## af3 (Jun 18, 2008)

NirSoft made a good program called CurrPorts* which shows you what connections are currently active much like netstat accompanied nice GUI. This will show you what programs in your compter are communicating on your connection.

*CurrPorts is freeware, at least the last time I checked.


----------



## clyde123 (Apr 10, 2008)

It might be Windows updates.
Or your anti virus programmes.


----------



## af3 (Jun 18, 2008)

It might be your sister watching YouTube videos of kittens...


----------



## Aokin (Jul 18, 2008)

Since my last post I have gone through my computer deleting numerous files or programs no longer used. This has helped somewhat but also of recent the computer has started to perform erratically.

By monitoring port activity with the CurrPorts program I note three programs are often open and 'listening'. These being netbios-ssn, epmap and microsoft-ds.

Are these legitimate, I think activity spikes in one is a related cause to frequent crashing. Anyway I can know or verify their legitimacy ?


----------



## johnwill (Sep 26, 2002)

Well, those three ports are also listening on my machine, and it works fine. :smile:


----------

